Instructure Inc., Yale University, Princeton University, Stanford University, Harvard University, Rutgers University and Adelaide University: Multiple Colleges Hit by Disruptions After Canvas Service Hack

Cyberattack Disrupts Canvas Learning Portal at Major Universities Worldwide

Hackers breached Instructure Inc.’s Canvas platform this month, forcing the company to temporarily suspend services for thousands of colleges and universities globally. The attack, detected on May 1, exploited a vulnerability in a teacher-specific account, granting unauthorized access to some of the company’s websites. While much of the service was restored by May 2, affected teacher accounts remain suspended.

Canvas, a widely used learning management system, supports critical academic functions, including exams, assignments, and grade tracking. The outage impacted institutions such as Harvard, Princeton, Stanford, Yale, Columbia, the University of Oslo, and Australia’s Adelaide University, disrupting operations for students and faculty.

The extent of data exposure remains unclear, though some universities reported potential breaches of user information. Yale warned that names, email addresses, and internal messages may have been accessed, while Stanford flagged possible exposure of student IDs and communications. Rutgers and Baylor noted uncertainty around compromised data, with Baylor cautioning about subsequent phishing attempts targeting students.

The cybercrime group ShinyHunters claimed responsibility in a dark web post, though Instructure has not confirmed their involvement. Known for data theft and extortion, the group has previously targeted educational institutions, including a 2023 wave of attacks on Ivy League schools that exposed alumni and student records.

Instructure, acquired by private equity firm KKR in a $4.8 billion deal earlier this year, was previously majority-owned by Thoma Bravo. The Salt Lake City-based company, founded in 2008, has not disclosed whether sensitive data was exfiltrated during the incident.

Source: https://www.insurancejournal.com/news/national/2026/05/08/869137.htm

The University of Adelaide College cybersecurity rating report: https://www.rankiteo.com/company/the-university-of-adelaide-college

Yale University cybersecurity rating report: https://www.rankiteo.com/company/yale-university

Rutgers University cybersecurity rating report: https://www.rankiteo.com/company/rutgersu

Harvard University cybersecurity rating report: https://www.rankiteo.com/company/harvard-university

Stanford University cybersecurity rating report: https://www.rankiteo.com/company/stanford-university

Instructure cybersecurity rating report: https://www.rankiteo.com/company/instructure-inc-

Princeton University cybersecurity rating report: https://www.rankiteo.com/company/princeton-university

"id": "THEYALRUTHARSTAINSPRI1778258906",
"linkid": "the-university-of-adelaide-college, yale-university, rutgersu, harvard-university, stanford-university, instructure-inc-, princeton-university",
"type": "Cyber Attack",
"date": "5/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Education',
                        'location': 'USA',
                        'name': 'Harvard University',
                        'type': 'University'},
                       {'industry': 'Education',
                        'location': 'USA',
                        'name': 'Princeton University',
                        'type': 'University'},
                       {'customers_affected': 'Student IDs and communications '
                                              'potentially exposed',
                        'industry': 'Education',
                        'location': 'USA',
                        'name': 'Stanford University',
                        'type': 'University'},
                       {'customers_affected': 'Names, email addresses, and '
                                              'internal messages potentially '
                                              'accessed',
                        'industry': 'Education',
                        'location': 'USA',
                        'name': 'Yale University',
                        'type': 'University'},
                       {'industry': 'Education',
                        'location': 'USA',
                        'name': 'Columbia University',
                        'type': 'University'},
                       {'industry': 'Education',
                        'location': 'Norway',
                        'name': 'University of Oslo',
                        'type': 'University'},
                       {'industry': 'Education',
                        'location': 'Australia',
                        'name': 'Adelaide University',
                        'type': 'University'},
                       {'customers_affected': 'Uncertainty around compromised '
                                              'data',
                        'industry': 'Education',
                        'location': 'USA',
                        'name': 'Rutgers University',
                        'type': 'University'},
                       {'customers_affected': 'Potential phishing attempts '
                                              'targeting students',
                        'industry': 'Education',
                        'location': 'USA',
                        'name': 'Baylor University',
                        'type': 'University'},
                       {'customers_affected': 'Thousands of colleges and '
                                              'universities globally',
                        'industry': 'Education Technology',
                        'location': 'USA',
                        'name': 'Instructure Inc.',
                        'type': 'Company'}],
 'attack_vector': 'Vulnerability in teacher-specific account',
 'customer_advisories': 'Universities issued warnings to students and faculty '
                        'about potential data exposure and phishing risks',
 'data_breach': {'personally_identifiable_information': 'Names, email '
                                                        'addresses, student '
                                                        'IDs',
                 'sensitivity_of_data': 'Personally identifiable information',
                 'type_of_data_compromised': ['Names',
                                              'Email addresses',
                                              'Internal messages',
                                              'Student IDs',
                                              'Communications']},
 'date_detected': '2024-05-01',
 'date_resolved': '2024-05-02',
 'description': 'Hackers breached Instructure Inc.’s Canvas platform this '
                'month, forcing the company to temporarily suspend services '
                'for thousands of colleges and universities globally. The '
                'attack exploited a vulnerability in a teacher-specific '
                'account, granting unauthorized access to some of the '
                'company’s websites. The outage impacted institutions such as '
                'Harvard, Princeton, Stanford, Yale, Columbia, the University '
                'of Oslo, and Australia’s Adelaide University, disrupting '
                'operations for students and faculty. The cybercrime group '
                'ShinyHunters claimed responsibility, though Instructure has '
                'not confirmed their involvement.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage to '
                                       'Instructure and affected universities',
            'data_compromised': 'User information, names, email addresses, '
                                'internal messages, student IDs, '
                                'communications',
            'downtime': 'Temporary suspension of services',
            'identity_theft_risk': 'Potential risk due to exposure of '
                                   'personally identifiable information',
            'operational_impact': 'Disruption of exams, assignments, and grade '
                                  'tracking',
            'systems_affected': 'Canvas learning management system'},
 'initial_access_broker': {'entry_point': 'Teacher-specific account '
                                          'vulnerability'},
 'investigation_status': 'Ongoing',
 'motivation': 'Data theft, extortion',
 'post_incident_analysis': {'root_causes': 'Vulnerability in teacher-specific '
                                           'account'},
 'references': [{'source': 'Cyber Incident Description'}],
 'response': {'communication_strategy': 'Universities issued warnings to '
                                        'students and faculty',
              'containment_measures': 'Temporary suspension of services, '
                                      'suspension of affected teacher accounts',
              'recovery_measures': 'Service restoration by May 2'},
 'threat_actor': 'ShinyHunters',
 'title': 'Cyberattack Disrupts Canvas Learning Portal at Major Universities '
          'Worldwide',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Account-specific vulnerability'}