Cyberattack Disrupts Canvas Learning Portal at Major Universities Worldwide Hackers breached Instructure Inc.’s Canvas platform this month, forcing the company to temporarily suspend services for thousands of colleges and universities globally. The attack, detected on May 1, exploited a vulnerability in a teacher-specific account, granting unauthorized access to some of the company’s websites. While much of the service was restored by May 2, affected teacher accounts remain suspended. Canvas, a widely used learning management system, supports critical academic functions, including exams, assignments, and grade tracking. The outage impacted institutions such as Harvard, Princeton, Stanford, Yale, Columbia, the University of Oslo, and Australia’s Adelaide University, disrupting operations for students and faculty. The extent of data exposure remains unclear, though some universities reported potential breaches of user information. Yale warned that names, email addresses, and internal messages may have been accessed, while Stanford flagged possible exposure of student IDs and communications. Rutgers and Baylor noted uncertainty around compromised data, with Baylor cautioning about subsequent phishing attempts targeting students. The cybercrime group ShinyHunters claimed responsibility in a dark web post, though Instructure has not confirmed their involvement. Known for data theft and extortion, the group has previously targeted educational institutions, including a 2023 wave of attacks on Ivy League schools that exposed alumni and student records. Instructure, acquired by private equity firm KKR in a $4.8 billion deal earlier this year, was previously majority-owned by Thoma Bravo. The Salt Lake City-based company, founded in 2008, has not disclosed whether sensitive data was exfiltrated during the incident.

ShinyHunters Claims Major Data Breach of Udemy, Threatens to Leak 1.4M Records On April 24, 2026, the cybercriminal group ShinyHunters announced a data breach targeting Udemy, one of the world’s largest online learning platforms, alleging the theft of over 1.4 million records containing personally identifiable information (PII) and internal corporate data. The group issued a "Pay or Leak" ultimatum, demanding a response from Udemy by April 27, 2026, or risk public exposure of the stolen data. ShinyHunters, a financially motivated extortion group active since 2019, has built a reputation for high-profile breaches, including the 2020 theft of 200 million records from 13 companies. In 2026 alone, the group has intensified attacks on SaaS platforms and the education sector, with recent victims including Vercel, McGraw-Hill, and Harvard University (where 115,000 alumni records were exposed). Google Threat Intelligence tracks the group under the designation UNC6240, noting its shift from traditional network exploitation to social engineering, MFA bypass, and credential harvesting. ShinyHunters often exploits third-party integrations and compromised vendor credentials, as seen in the Vercel breach, where a third-party vendor (Context.ai) served as the entry point. The education sector remains a prime target, with ShinyHunters previously breaching India’s Unacademy, stealing over 10 million user accounts. As of publication, Udemy has not confirmed or denied the breach, and researchers continue monitoring the group’s leak site for potential data release following the deadline. The incident underscores the group’s evolving tactics and persistent focus on high-value targets.

Rutgers suffered from a data breach incident that exposed 1,700 students personal information. Students in the computer science department were impacted by this breach, which exposed data such as Rutgers I.D. numbers, cumulative GPAs, and Spring 2018 class schedules. All pupils whose information was disclosed were informed of the mistake and given the assurance that their information had not been altered. To ensure that this kind of error does not happen again, the pertinent security policies have been reviewed and modified. This data did not contain private information like Social Security numbers, residences, or financial details.