Unbiased AI-powered news
Instructure said Canvas is now available for most of its 30 million users after a cyberattack that targeted nearly 9,000 institutions in multiple countries. ShinyHunters claimed it stole 3.5 terabytes of data including names, email addresses, student ID numbers and private messages, and set a May 12 ransom deadline.
Al JazeeraAn international cyberattack on the Canvas educational platform created by Instructure partially restored service for most users on Saturday after the company took the system offline on Thursday. Instructure detected unauthorized activity on April 29 and tied the intrusion to an issue involving its Free-For-Teacher accounts.
The company took Canvas offline on Thursday, engaged outside forensic experts, and notified the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency.
It temporarily shut down its Free-For-Teacher accounts after confirming the unauthorized actor exploited an issue related to those accounts. ShinyHunters, a global cybercrime syndicate established in 2019, claimed responsibility for the cyberattack on Canvas. 5 terabytes of data from Canvas, including names, email addresses, student ID numbers and private messages.
ShinyHunters threatened to release the stolen data if ransoms were not paid by May 12. On May 5, ShinyHunters posted a message saying Instructure had "not even bothered speaking to us" to prevent a data leak. " ShinyHunters has previously claimed responsibility for a data breach at Rockstar Games.
Instructure stated that names, email addresses, student ID numbers and private messages were compromised. Instructure stated there was no evidence that passwords, Social Security numbers or financial data were exposed. The company said most services were restored by Thursday though some maintenance issues remained under investigation.
Instructure stated on Saturday that Canvas is now available for most users. No incidents were reported on Saturday after partial restoration of Canvas. Canvas is used by more than 8,000 schools and universities globally, and about 30 million people across the globe use the Canvas system.
The breach targeted close to 9,000 institutions across the globe. The group targeted almost 9,000 schools. Affected countries include the United States, the Netherlands, Sweden, Australia and the United Kingdom.
The Federal Bureau of Investigation said it was aware of a service disruption impacting a learning system. The FBI stated the disruption has impacted schools, educational institutions, and students across the country. The FBI statement was issued on Friday.
U.S. schools are in the middle of exam season. Institutions including Penn State, Harvard, Illinois, Columbia and Georgetown are scrambling to extend or change exam deadlines. The Harvard Crimson said it could not access Canvas since Thursday.
The University of Cambridge temporarily suspended access to Canvas on Friday. The University of Sydney reported on Saturday that Canvas had been restored but was not yet accessible to staff or students pending completion of checks. The University of Alberta said Canvas was partially restored with reduced functionality.
Mississippi State University is among the thousands of schools affected. The cyberattack disrupted coursework, exams and student communications.
“This goes to show how vulnerable schools are, how vulnerable other institutions are by individuals who seek to exploit or extort at the worst possible time – armed with just a keyboard and a mouse." — Phil Lavelle, Al Jazeera correspondent in Florida. The data accessed from over 275 million people according to ShinyHunters. Instructure confirmed the unauthorized actor exploited an issue related to Free-For-Teacher accounts.”
These outlets didn't split into competing frames — coverage was uniform.
news.sky.comThe European Commission is reviewing expert recommendations for phased restrictions on children's social media access. President Ursula von der Leyen said new legislation could be proposed after the summer.
The European Union sanctioned nine people and four entities on July 13, 2026. Britain sanctioned 24 people and entities the same day over a network active since 2010.
globalnews.caTwenty-two member states pledged 30 to 35 gigawatts of new capacity by 2028 under the bloc's first tripartite deal. The European Commission will oversee annual progress tracking through 2028 as part of the Affordable Energy Plan.