District recommends three-prong approach to stall global Canvas cyberattack

The attack perpetrated by the group ShinyHunters led to mass Canvas outages worldwide

By Michel Melichar and Daimler Koch, Staff Writers

Instructure has paid over $100 million to ShinyHunters to prevent nationwide data leaks and restore Canvas access to over 9,000 institutions before the end-of-day deadline on May 12, according to an anonymous source.

LACCD personnel are encouraging caution as students and teachers return to online classes and navigate Canvas. They recommend Canvas users to take the following precautions: “Treat Canvas messages as suspicious, change your password, and turn on two-factor authentication.”

The hackers broke into the Canvas system on May 7, and users were greeted with a message that read:

“If any of the schools in the affected list are interested in preventing the release of their data, please consult with a cyber advisory firm and contact us privately at TOX to negotiate a settlement. You have till the end of the day by 12 May 2026 before everything is leaked.”

The message was accompanied by a text document of affected schools along with an address linking to the hacker group’s dark-web site.

ShinyHunters also stated that 275 million individuals’ information, along with billions of private messages, with up to 3.65TB of data from thousands of universities and school districts globally, had been ransomed.

The hackers collected usernames, course names, messages and enrollment information, according to a statement put out by Instructure’s CEO.  

Students nationwide were locked out of Canvas starting Thursday, with some reporting access to the educational site on Thursday evening and others not until Sunday night.

Some students reported being able to access the platform via the Canvas app, though administrative services were not functional during the outage’s duration. 

Gianmarco Razuri, a film student who works at the ESL office, found out that Canvas went down when he and his coworkers tried logging onto the portal to help students enroll.

“I work at the ESL office. I enroll students, so I have to, like, log into the portal. 
And it wasn't working,” said Razuri. “And then my coworker tried it. It wasn't working for them. 
My other coworker tried, but it wasn't working on their computer. So, like, what's wrong? And then my friend sent me a message, and he was like, ‘Oh, like, Canvas got hacked.’”

According to estimates by the Valley Star, roughly 1,600 schools nationwide use Canvas as their main education platform. MIT, Columbia University, the UCs, the CSUs and the LACCD were a few of the institutions affected.

The attack hit many of these universities as they were headed in for finals.

Eric Swelstad, a professor of media arts at Valley, had scheduled several online exams which he postponed to a later date.

“[… I was] very nervous this weekend, getting students the updates,” Swelstad said. 

Valley only paused asynchronous and hybrid asynchronous classes over the course of the outage, with in-person classes meeting as scheduled, according to emails sent out to all students' emails by LACCD staff.  

Mario Perez, a network engineer and principal investigator for the National Science Association grant for Valley, says that the hack might change how higher education institutions view and use learning management systems (LMS). 

“Cybersecurity is not only a subset of I.T. anymore. It’s more important now than it has ever been before as it’s a critical independent entity.”

He added how higher education institutions are more warranted to move to first-party LMS platforms, maintained by campus security departments, as opposed to large third party platforms like Canvas, showcasing a possible paradigm shift in the global education system.