In a disruptive cyber incident that hit just as U.S. higher education institutions entered the high-stress end-of-semester exam period, multiple colleges and K-12 schools across the country suffered widespread service outages Thursday after a ransomware attack linked to hacking group ShinyHunters took the popular academic learning platform Canvas offline.
The attack impacted educational institutions spanning from coast to coast, with campuses in California, New York, Illinois and other states reporting sudden access failures to the platform, which millions of students and instructors rely on for assignment submission, grade tracking, course materials and exam hosting. Pennsylvania State University, one of the largest public postsecondary institutions in the country, notified students Thursday morning that no users could gain access to Canvas, and warned that a full restoration of service would not likely be completed within 24 hours. In response to the outage, the university canceled a number of final exams scheduled for Thursday and Friday, throwing end-of-semester schedules into disarray for thousands of learners.
At the University of California Los Angeles, students reported frantic efforts to meet looming assignment deadlines as they were locked out of the platform. The University of Chicago took a proactive step by taking its local Canvas instance offline temporarily after confirming it was among the targeted institutions. The university’s independent student newspaper, The Chicago Maroon, published a screenshot of a direct message from ShinyHunters that confirmed the group’s ransom demand: the message urged university administrators to reach out to the group privately to negotiate a financial settlement, threatening to leak sensitive institutional and student data if the demand was not met.
Cybersecurity experts note that the group’s threats predate Thursday’s mass outage. Luke Connolly, a threat analyst with cybersecurity firm Emisoft, told the Associated Press that initial targeted threats from ShinyHunters began as early as Sunday, with two deadlines for compliance set for Thursday and May 12. Connolly added that negotiations over extortion payments may already be underway between the hacking group and impacted parties. By late Thursday, Instructure, the Utah-based company that owns and operates Canvas, released a public update stating that the platform has been restored for the vast majority of users, though some smaller institutions and local campus instances still reported residual access issues.
The timing of the attack has drawn increased attention to growing cyber risks facing U.S. critical infrastructure, coinciding exactly with a high-profile push from top congressional leaders to ramp up national cyber defenses amid the rapid expansion of AI-powered hacking tools. On the same day the Canvas outage occurred, Senate Majority Leader Chuck Schumer, the chamber’s top Democratic leader, sent a formal letter to the Trump administration calling for urgent action to strengthen cyber protections across all sectors, including education. Schumer argued that the U.S. Department of Homeland Security, the federal agency tasked with leading domestic cyber defense efforts, must immediately extend support and resources to state and local governments to help them fend off growing threats. Schumer emphasized the need for proactive action before widespread outages and attacks put American lives and livelihoods at irreparable risk.