Cyberattack on Canvas Learning System Puts Millions of Student and Teacher Data at Risk
A significant cyberattack has targeted Instructure, the company behind the Canvas learning management system, which is widely used by K-12 schools and universities across the United States. The hacking group ShinyHunters has claimed responsibility for the breach, which has potentially compromised data from millions of students and teachers. The attack was discovered on April 29, 2026, and has led to disruptions in educational institutions, particularly during the critical period of final exams. Instructure has taken Canvas offline to investigate and contain the breach, affecting many schools' ability to conduct online learning. The compromised data includes names, email addresses, and student identification numbers, though there is no evidence yet of more sensitive information like Social Security numbers being accessed. The incident has prompted some school districts to temporarily disable access to Canvas as a precautionary measure. 
