• by Ray Schultz , Columnist, May 8, 2026

Colleges and universities were staggered this week by the takedown of Canvas, a learning management system, preventing millions of students from taking final exams and pursuing other activities. 

On Wednesday, Canvas said, “Canvas is fully operational, and we are not seeing any ongoing unauthorized activity.”

But significant damage may already have been done. Data on 275 million people, including students and teachers at 9,000 schools worldwide, have been exposed This includes personally identifiable information (PII), messages  and other data that can be utilized in phishing attacks. 

The bringdown was caused by ShinyHunters, a hacking group hreatening to expose information while insisting on a separate settlement with each school— an alarming instance of an entire industry being taken down by hackers.

Millions have seen a message from the bad actors on their Canvas pages. ShinyHunters threatens to leak data—“several billions of private messages among students and teachers”—on May 12 if it does not hear from Instructure, a company that provides roughly half of colleges with Canvas, The New York Times reports. 

Meanwhile, schools are attempting to cope with the problem. For instance, the University of Illinois has postponed final exams and assignments from Friday through Sunday, according to local reports. And students have been advised of the issue by every school from the University of Michigan to Harvard, the Times continues.

Canvas stated, “As a precaution, we recommend customers follow security best practices, including enforcing MFA on privileged accounts, reviewing admin access, and rotating API tokens or keys where applicable.”

On Wednesday, Canvas said, “This will be our final update via this status page for this incident. We will continue to provide updates as appropriate through other channels and are now communicating directly with impacted customers to provide organization-specific information and support.”

Instructure  posted on Thursday that “Canvas is available for most users. Canvas Beta and Canvas Test are still in maintenance." 

And the students? They are trying to remain sharp in the face of postponed exams. And they have been advised to be alert for phishing attacks.