Canvas hack strands university students during finals week

By Ramishah Maruf, Emma Tucker, CNN

New York (CNN) — Students attempting to access grades, study materials and quizzes were met instead with a message from a hacking group on Thursday.

Universities and school systems across the country, from local school districts to Georgetown University, reported a ransom note on the homepage of their schools’ Canvas sites. Canvas is a popular, cloud-based digital hub for classrooms.

Canvas has more than 30 million active users globally, parent company Instructure says on its website, with more than 8,000 institutions as customers. Many of those students are in the middle of a busy Spring finals week.

Several universities across the country, including Columbia University, Rutgers, Princeton, Kent State, Harvard and Georgetown have issued statements alerting students to the hack impacting institutions nationwide. School districts in California, Florida, Georgia, Oklahoma, Oregon, Nevada, North Carolina, Tennessee, Utah, Virginia and Wisconsin have also been affected.

This is the second data breach this month among schools and universities. Hacking group ShinyHunters claimed responsibility for both attacks. In the note, reported by different student news outlets, the group demanded ransoms to prevent further data leaks.

“ShinyHunters has breached Instructure (again),” read a warning on a University of Washington student’s account around noon PT, which was seen by CNN. “Instead of contacting us to resolve it they ignored us and did some ‘security patches.’”

Instructure said on its website that Canvas was “in maintenance mode” late Thursday afternoon, adding that it was investigating the issue.

On May 1, in a different attack, Instructure said it “experienced a cybersecurity incident perpetrated by a criminal threat actor” but contained the situation the next day. But the company indicated user names, email addresses and student ID numbers were breached.

“Instructure still has until EOD 12 May 2026 to contact us,” Thursday’s note from the hacking group said.

CNN has reached out to Instructure for comment.

Some students in panic, others welcome deadline extensions

One student impacted by the hack said he was in a panic when he was logged out of his Canvas account while trying to study for finals at the University of Pennsylvania.

“The biggest cause of fear and anxiety in me is that I was deprived of significant resources to study and do the best,” Anish Garimidi, a junior at the university, told CNN.

Garimidi called the incident “very troubling” but said he is grateful his professors “were accommodating and sending materials through other means.”

Another student, a sophomore at Georgetown University, said she returned home to Kentucky last week because all of her remaining projects were online via Canvas. But the digital hub went down Thursday afternoon for students at her school, who were instead greeted by a ransom note, Minhal Nazeer told CNN.

While a lot of students are “freaking out,” others — including her — are happy because the hack means students will have extended deadlines, Nazeer said.

“I was already in a good spot to finish all my papers, so I’m not too bothered by it, but I do see it is helping me a little, because I have gotten some extension. I just have more time to look over my things,” she said.

Melanie Topchyan, a senior at the University of California, Riverside, said she missed a quiz on Thursday due to the hack, which she said is interrupting students’ schedules.

Topchyan has a midterm next week for a “pretty difficult class,” she said, and is worried because she needs access to Canvas to review lecture recordings and notes.

“It is a little bit of a freakout,” she added.

Hack highlights schools’ reliance on digital hubs

While some students are worried about accessing class notes and lecture recordings, some professors are also facing a fundamental problem: contacting students.

“One thing that struck me was how dependent the professors and teaching staff were on it to even just communicate with students,” said Allison Park, a junior at the Massachusetts Institute of Technology.

“The fact that this one website was the link between teaching staff and students outside of class — I didn’t realize how big of a dependency we had on it until they were scrambling to find our emails,” Park added.

The primary purpose of Canvas is a submission tool, according to Park, and utilizing email as a form of mass communication almost feels outdated now. “There are materials on there, but they use the announcement feature to send class-wide emails; it’s not normally through emails,” she said.

Similarly, MIT student Liane Xu says all of her classes gather submissions on Canvas and also use the platform for grading. “An increasing number of classes have all of their content on other websites,” she said.

While classes could switch to email submissions, Xu says there are class notes, lecture videos and other study materials she needs to access on Canvas as the end of the semester approaches.

The disruption has led James Madison University to revise its exam schedule for students, originally scheduled for Friday but now delayed until Wednesday, the school said in an announcement.

For some seniors at schools like Columbia University, who have been participating in celebratory events in the past week, the hack took place at the “most inopportune time,” said a 22-year-old senior who declined to give his name.

That’s especially true for those who are just beginning to collect notes or compile study guides after having “pushed off the thought of having to take exams in the following week,” he told CNN.

“It’s unfortunate and we’re sort of the victims of this,” he said.

CNN’s Sarah Hutter, Ray Sanchez, Maria Aguilar Prieto and Jillian Sikes contributed to this story.

The-CNN-Wire
™ & © 2026 Cable News Network, Inc., a Warner Bros. Discovery Company. All rights reserved.