• Canvas learning management system suffered a significant cyberattack, affecting thousands of educational institutions.
• The hacking group ShinyHunters claimed responsibility, threatening to leak data if ransoms were not paid by May 12.
• Access to grades and coursework was severely disrupted during a critical exam period for students.
• Canvas has since been partially restored, but some users still face functionality issues.
• The breach has affected around 9,000 schools and approximately 30 million users worldwide.

The Canvas learning management system, vital for many schools and universities, experienced a severe cybersecurity breach beginning May 7, affecting students nationwide during exams. The hacker group ShinyHunters was identified as responsible, claiming to have stolen **3.5 terabytes** of data, including sensitive information such as names, email addresses, and student IDs, while threatening to release this data unless a ransom was paid by May 12, according to Al Jazeera and Channel News Asia.

Instructure, the operator of Canvas, reported that the platform was put into maintenance mode due to the breach, which severely impacted thousands of users and left many students unable to submit assignments or access course materials during finals week. Major institutions such as Harvard and the University of Pennsylvania confirmed they were locked out of the platform, according to India Times and Al Jazeera.

Reactions from institutions were swift as schools scrambled to adjust exam schedules, with some announcing extensions due to the disruptions. According to reports from teachers and students, educational activities were severely hindered, and many resorted to social media to express their concerns during this critical period, as highlighted by Channel News Asia and India Times.

As of May 8, the system has been reported to be partially restored, allowing access for most users; however, functionality limitations remained, particularly for some institutions, according to updates from Instructure. They indicated that further checks were necessary before full access could be allowed, as the situation continued to evolve, cited by both Channel News Asia and Al Jazeera.