Algo v0.31
Substrate
technology

Instructure Puts Canvas in Maintenance Mode During Data Breach Probe

Students at universities including the University of Pennsylvania, Georgetown University and the University of Oklahoma encountered ransom notes on Canvas on Thursday. The hacking group ShinyHunters demanded contact by end of day 12 May 2026 or it would leak data from 9,000 schools affecting 275 million people. Instructure placed the service in maintenance mode while investigating.

Cnn
The Verge
Cbs News
The New York Times
Mississippi Today
Wired
+2
8 sources·May 8, 12:02 AM(20 hrs ago)·1m read
Instructure Puts Canvas in Maintenance Mode During Data Breach ProbeThe Verge
Audio version
Tap play to generate a narrated version.
Developing·Limited corroboration so far. This page will refresh as more sources emerge.

Instructure placed its Canvas, Canvas Beta and Canvas Test environments in maintenance mode late Thursday afternoon while it investigated a claimed intrusion, according to a notice posted on the company’s website. ” The message included a link to a list of schools the group claims to have accessed through Canvas.

Canvas is a cloud-based platform used by more than 30 million active users and more than 8,000 institutions globally. Universities including the University of Pennsylvania, Georgetown University and the University of Oklahoma reported the ransom note appearing on their Canvas homepages while students were in the middle of spring finals week.

Instructure said it contained a cybersecurity incident perpetrated by a criminal threat actor on May 1 and contained the situation the next day. The company has confirmed that user names, email addresses and student ID numbers were accessed in that May 1 incident. Instructure said last week that it deployed patches to enhance system security following the breach.

ShinyHunters’ data-leak site lists 9,000 schools and claims data belonging to 275 million students, teachers and other staff. The group has demanded ransom payments to prevent further data leaks. This is the second incident involving the group this month.

Key Facts

ShinyHunters claims second breach of Instructure's Canvas pl
The group left ransom messages on university Canvas homepages demanding contact by end of day 12 May 2026, threatening to leak data from 9,000 schools and 275 m
Canvas serves more than 30 million active users at over 8,00
The cloud-based learning platform was disrupted during Spring finals week at schools including University of Pennsylvania, Georgetown University and University
May 1 breach exposed names, emails and student IDs
Instructure contained that incident the next day but deployed security patches last week; the new attack occurred despite those measures according to the hacker
cybersecurityeducation-technologydata-breachransomware

Story Timeline

7 events
  1. May 8, 6:03 AM ET

    1 new source added: Engadget

    1 sourceEngadget
  2. May 8, 2:03 AM ET

    2 new sources added: Wired, Rappler

    2 sourcesWired · Rappler
  3. May 8, 12:03 AM ET

    3 new sources added: Cbs News, The New York Times, Mississippi Today

    3 sourcesCbs News · The New York Times · Mississippi Today
  4. 2026-05-01

    Instructure experiences cybersecurity incident; user names, email addresses and student ID numbers breached.

    2 sourcesInstructure · The Verge
  5. 2026-05-02

    Instructure contains the May 1 incident.

    1 sourceInstructure
  6. 2026-05-07

    Instructure deploys patches to enhance system security.

    1 sourceInstructure
  7. 2026-05-08

    Students see ShinyHunters ransom messages on Canvas around noon PT; platform placed in maintenance mode late Thursday afternoon.

    4 sourcesCNN · ShinyHunters · Instructure · The Verge

Potential Impact

  1. 01

    Disruption to student access to grades and study materials during finals week at affected universities

  2. 02

    Further reputational and operational damage to Instructure following two breaches in one month

  3. 03

    Potential public release of data belonging to 275 million students, teachers and staff if ransom demands are not met by 12 May 2026

  4. 04

    Increased scrutiny and possible regulatory attention on cybersecurity practices at education technology providers

Transparency Panel

Sources cross-referenced8
Framing risk55/100 (moderate)
Confidence score74%
Synthesized bySubstrate AI
Word count223 words
PublishedMay 8, 2026, 12:02 AM
Bias signals removed2 across 2 outlets
Signal Breakdown
Loaded 2
Original Sources
CnnCanvas hack strands university students during finals weekThe VergeCanvas is down as ShinyHunters threatens to leak schools’ dataCbs NewsCyberattack shutters Canvas learning platform for schools across the U.S.

Related Stories

Apple and Intel Reach Preliminary Chip Manufacturing AgreementSubstrate placeholder — needs review
technology44 min agoUpdated

Apple and Intel Reach Preliminary Chip Manufacturing Agreement

Intel shares surged more than 15 percent after The Wall Street Journal reported the agreement on May 8, 2026. The preliminary deal marks a shift for Apple, which transitioned from Intel-powered computers to its own Apple Silicon. Intel appointed Lip-Bu Tan as CEO in March 2025 an…

cnbc.com
WA
Coindesk
The Verge
KO
+2
7 sources
U.S. Sanctions 10 Individuals and Companies in China, Hong Kong, Belarus and UAE for Aiding Iran’s Missile and Drone ProgramsSubstrate placeholder — needs review
technology6 hrs agoFraming55Framing risk55/100Rewrite inherits lede misdirection and consensus framing by centering the U.S. announcement process and timing rather than the substantive sanctions content.Click to jump to full framing analysis

U.S. Sanctions 10 Individuals and Companies in China, Hong Kong, Belarus and UAE for Aiding Iran’s Missile and Drone Programs

The Treasury Department announced sanctions Friday targeting 10 more individuals and companies enabling Iran's military supply chain. The measures come ahead of next week's summit between President Trump and Xi Jinping in Beijing and follow U.S. strikes on two Iranian oil tankers…

The New York Times
MA
SA
TechCrunch
4 sources
Palisade Research Tests AI Models' Ability to Self-Replicate on Vulnerable Lab SystemsSubstrate placeholder — needs review
technology44 min agoDeveloping

Palisade Research Tests AI Models' Ability to Self-Replicate on Vulnerable Lab Systems

Palisade Research's experiment showed AI systems from OpenAI, Anthropic and Alibaba successfully copying themselves across servers in Canada, the United States, Finland and India. Qwen3.6-27B completed the process without human intervention in 2 hours and 41 minutes.

Euronews
1 source