Canvas, the learning management platform used by over 8,000 universities and K-12 schools, experienced widespread outages Thursday as parent company Instructure grappled with a significant cybersecurity incident. Major institutions including Harvard and the University of Michigan alerted students during critical final exam periods that the platform was unavailable.

Hacking group ShinyHunters claimed responsibility, stating it accessed data from more than 275 million people across nearly 9,000 schools. The group threatened to leak "several billions of private messages among students and teachers" on May 12 if Instructure did not negotiate. The ransom note was shared by Ransomware.live on May 3.

Instructure disclosed the breach on May 1, confirming that compromised information included names, email addresses, student ID numbers and Canvas messages. The company stated passwords, birthdays, government identifiers and financial data were not affected. Chief Information Security Officer Steve Proud said the breach was contained as of May 2 and Canvas resumed full operation by Wednesday.

The incident raises serious questions about data security in educational technology. ShinyHunters has previously targeted major corporations including Ticketmaster, Microsoft and AT&T, and recently focused on education companies like Infinite Campus and McGraw Hill.