This is a developing event and has been generated by AI. Details may change as more information becomes available and human review is completed.
Cyber Incident Disrupts Canvas Educational Platform – Multiple US Universities Reschedule Exams
Impact Assessment Rationale
The incident disrupted a widely used educational platform affecting multiple universities during final exam season, causing operational disruption and potential reputational and liability exposure for Instructure. However, no confirmed data breach or physical damage is reported, limiting insured loss estimates.
View assessment methodology →Loading map...
Geographic Zone Matches
1 active match
- TRIA Certified AreasRule-basedConfidence 100%
Geographic zone matches are RiskEvents spatial/analytical indicators, not coverage determinations or Lloyd's official classifications.
Summary
A cybercriminal group compromised or disrupted Canvas, the widely used educational platform operated by Instructure, on or around 8 May 2026. Dozens of students reported seeing a message from the cybercriminal group while accessing the platform. The incident caused sufficient disruption that multiple universities were forced to reschedule final examinations.
This summary is AI-generated from linked source reports and may change as more information becomes available. See our correction policy for how to report errors.
Structured Intelligence
known
- A cybercriminal group message was displayed to students on the Canvas platform.
- The incident occurred on or around Thursday 8 May 2026.
- Multiple universities were forced to reschedule final exams as a result.
- Canvas is an educational platform created by Instructure hosting teaching materials, tests and readings.
reported
- Dozens of students reported the incident via social media.
- The nature of the attack (ransomware, defacement, DDoS, or other) is not confirmed in the source text.
uncertain
- The identity or affiliation of the cybercriminal group is not confirmed.
- The geographic scope beyond the United States is unclear.
- Whether student data or exam content was exfiltrated is unknown.
- The full number of affected universities has not been confirmed.
Affected Countries
Key Entities
Sources
Trade Media
- The Record (Cyber)10 May 2026, 22:10
- BleepingComputer10 May 2026, 22:20
Timeline
Status changed to developing
Auto-promoted: multiple corroborating sources
Corroborating source
The ShinyHunters extortion gang has breached Instructure, the operator of the Canvas educational platform, exploiting a vulnerability to deface Canvas login portals for hundreds of colleges and universities. The attack is described as a mass extortion campaign targeting the widely used higher education learning management system. The incident aligns with broader Canvas disruptions reported around 8 May 2026 that forced multiple US universities to reschedule exams. ShinyHunters, a prolific cybercriminal group, is attributed as the threat actor responsible.
The ShinyHunters extortion gang has breached education technology giant Instructure again, this time exploiting another vulnerability to deface Canvas login portals for hundreds of colleges and universities.
Source: BleepingComputer (Trade Media) · View source
Initial Detection
A cybercriminal group compromised or disrupted Canvas, the widely used educational platform operated by Instructure, on or around 8 May 2026. Dozens of students reported seeing a message from the cybercriminal group while accessing the platform. The incident caused sufficient disruption that multiple universities were forced to reschedule final examinations.
On Thursday, dozens of students took to social media to say they saw a message from a cybercriminal group as they navigated through Canvas, an educational platform created by Instructure that hosts teaching materials, tests, readings and more.
Source: The Record (Cyber) (Trade Media) · View source