Instructure warns UC, Northwest schools of breach after millions of students' data stolen

Instructure, the maker of Canvas confirmed that a cyberattack has affected a data breach involving personal data of millions of students.

Canvas, a learning management system also used by the University of California, has named the group behind this cyberattack in a statement: the Shiny Hunters.

The hackers have posted a ransom note on school Canvas homepages on Thursday, May 7, 2026.

The ransomware group has claimed responsibility and says it stole roughly 275 million records linked to students, teachers and staff.

The company provided the latest update on its status page.

Instructure said the “platform was available again for most of users.

However, the company in its earlier update placed Canvas in maintenance mode at 21:17 MDT.

Several school representatives from the Northwest region have raised concerns over Canvas data breach.

Tigard-Tualatin School District leaders said hackers likely accessed names, email addresses, student ID numbers.

The district wrote a letter to families, stating, “We are writing to share that Instructure, the company that provides our Canvas learning management system, has experienced a cybersecurity incident. Canvas is used by students in grades 6-12.”

Families of those children affected by the cyberattack voiced concern after students were unable to log in to their accounts during the outage.

According to some U.S. media outlets, the Shiny Hunters’ name is linked with massive data releases of stolen data.

The notorious hacker commonly known in the IT circles as The Com.