Cyberattack Disrupts Canvas for Universities, Including Trinity, in Massive Data Breach
On the afternoon of May 7, Trinity University’s Information Technology Service (ITS) notified students, faculty, and staff of a cyberattack targeting Canvas, the widely used learning management system. The attack has taken the platform offline, with no estimated timeline for restoration.
The breach is part of a larger, coordinated attack affecting universities nationwide that use Canvas. A cybercrime group, identified as ShinyHunters, has demanded payment from each institution by May 12, threatening to leak stolen user data if the ransom is not met. The group gained notoriety in 2020 after stealing over 200 million records from 13 companies.
While earlier attacks in late April and early May compromised private messages and personally identifiable information, the full scope of this latest breach remains unclear. For a brief period, Canvas users were redirected to a ShinyHunters message listing schools including University of the Incarnate Word, St. Mary’s University, and University of Texas San Antonio whose data had already been leaked in prior incidents. The ransom amount was unspecified, and Trinity’s administration has not confirmed whether it will comply with the demand.
As of the latest update, Canvas displays a maintenance notice, though its status page indicates the company is investigating the issue and expects service to resume soon. Trinity ITS has not provided further comment.
Source: https://trinitonian.com/2026/05/07/trinity-part-of-nationwide-canvas-data-breach/
Trinity University TPRM report: https://www.rankiteo.com/company/trinity-university
"id": "tri1778210691",
"linkid": "trinity-university",
"type": "Ransomware",
"date": "5/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 'Students, faculty, and staff',
'industry': 'Education',
'name': 'Trinity University',
'type': 'University'},
{'industry': 'Education',
'name': 'University of the Incarnate Word',
'type': 'University'},
{'industry': 'Education',
'name': 'St. Mary’s University',
'type': 'University'},
{'industry': 'Education',
'name': 'University of Texas San Antonio',
'type': 'University'},
{'customers_affected': 'Multiple universities '
'nationwide',
'industry': 'EdTech',
'name': 'Canvas (Instructure)',
'type': 'Learning Management System Provider'}],
'customer_advisories': 'Notification to students, faculty, and staff; '
'maintenance notice on Canvas',
'data_breach': {'data_exfiltration': True,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Private messages',
'Personally identifiable '
'information']},
'date_detected': '2024-05-07',
'date_publicly_disclosed': '2024-05-07',
'description': 'On the afternoon of May 7, Trinity University’s Information '
'Technology Service (ITS) notified students, faculty, and '
'staff of a cyberattack targeting Canvas, the widely used '
'learning management system. The attack has taken the platform '
'offline, with no estimated timeline for restoration. The '
'breach is part of a larger, coordinated attack affecting '
'universities nationwide that use Canvas. A cybercrime group, '
'identified as ShinyHunters, has demanded payment from each '
'institution by May 12, threatening to leak stolen user data '
'if the ransom is not met. The group gained notoriety in 2020 '
'after stealing over 200 million records from 13 companies. '
'While earlier attacks in late April and early May compromised '
'private messages and personally identifiable information, the '
'full scope of this latest breach remains unclear. For a brief '
'period, Canvas users were redirected to a ShinyHunters '
'message listing schools including University of the Incarnate '
'Word, St. Mary’s University, and University of Texas San '
'Antonio whose data had already been leaked in prior '
'incidents. The ransom amount was unspecified, and Trinity’s '
'administration has not confirmed whether it will comply with '
'the demand. As of the latest update, Canvas displays a '
'maintenance notice, though its status page indicates the '
'company is investigating the issue and expects service to '
'resume soon.',
'impact': {'brand_reputation_impact': True,
'data_compromised': True,
'downtime': 'Ongoing (as of latest update)',
'identity_theft_risk': True,
'operational_impact': 'Platform taken offline, disruption to '
'learning activities',
'systems_affected': 'Canvas learning management system'},
'investigation_status': 'Ongoing',
'motivation': 'Financial gain',
'ransomware': {'data_exfiltration': True, 'ransom_demanded': True},
'references': [{'date_accessed': '2024-05-07',
'source': 'Trinity University ITS Notification'},
{'source': 'ShinyHunters Ransom Message'}],
'response': {'communication_strategy': 'Notification to students, faculty, '
'and staff; maintenance notice on '
'Canvas',
'containment_measures': 'Platform taken offline'},
'threat_actor': 'ShinyHunters',
'title': 'Cyberattack Disrupts Canvas for Universities, Including Trinity, in '
'Massive Data Breach',
'type': 'Ransomware'}