WSU Student Data Exposed in Canvas Hack by ShinyHunters
Washington State University (WSU) confirmed that student data including names, email addresses, and ID numbers may have been compromised in a cyberattack targeting its Canvas learning management system last week. The breach, which disrupted access to the platform on Thursday, was attributed to the cybercriminal group ShinyHunters.
In a brief message displayed on Canvas, the hackers claimed to have breached the system "again" and warned that nearly 9,000 affected schools had until May 12 to negotiate a settlement before stolen data would be leaked. WSU’s Information Technology Services acknowledged the incident, stating that Canvas accessibility remained uncertain and advised students and faculty to download critical course materials and submit final grades promptly.
ShinyHunters, active since 2019, specializes in data extortion, stealing sensitive information and demanding ransom payments to prevent public leaks. Canvas, used by over 40% of U.S. colleges and universities, serves as a central hub for assignments, grades, and course materials. The breach was contained later the same day, but the full extent of the data exposure remains under investigation.
WSU Voiland College of Engineering and Architecture cybersecurity rating report: https://www.rankiteo.com/company/wsu-voiland-college-of-engineering-and-architecture
"id": "WSU1778560224",
"linkid": "wsu-voiland-college-of-engineering-and-architecture",
"type": "Breach",
"date": "5/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Students and faculty',
'industry': 'Education',
'name': 'Washington State University (WSU)',
'type': 'University'},
{'customers_affected': 'Nearly 9,000 affected schools',
'industry': 'Education Technology',
'name': 'Canvas (by Instructure)',
'size': 'Used by over 40% of U.S. colleges and '
'universities',
'type': 'Learning Management System'}],
'attack_vector': 'Unknown',
'customer_advisories': 'Message displayed on Canvas about the breach and '
'negotiation deadline',
'data_breach': {'personally_identifiable_information': 'Names, email '
'addresses, ID numbers',
'sensitivity_of_data': 'Personally identifiable information '
'(PII)',
'type_of_data_compromised': 'Student data'},
'description': 'Washington State University (WSU) confirmed that student data '
'including names, email addresses, and ID numbers may have '
'been compromised in a cyberattack targeting its Canvas '
'learning management system. The breach disrupted access to '
'the platform and was attributed to the cybercriminal group '
'ShinyHunters.',
'impact': {'data_compromised': 'Names, email addresses, ID numbers',
'downtime': 'Disrupted access on Thursday',
'identity_theft_risk': 'Potential',
'operational_impact': 'Uncertain accessibility, advised to '
'download critical course materials and '
'submit final grades promptly',
'systems_affected': 'Canvas learning management system'},
'investigation_status': 'Ongoing',
'motivation': 'Data Extortion',
'ransomware': {'data_exfiltration': 'Threatened to leak stolen data',
'ransom_demanded': 'Negotiation for settlement before May 12'},
'references': [{'source': 'WSU Information Technology Services'}],
'response': {'communication_strategy': 'Message displayed on Canvas, advisory '
'to students and faculty',
'containment_measures': 'Breach was contained later the same '
'day'},
'stakeholder_advisories': 'Advisory to students and faculty to download '
'critical course materials and submit final grades '
'promptly',
'threat_actor': 'ShinyHunters',
'title': 'WSU Student Data Exposed in Canvas Hack by ShinyHunters',
'type': 'Data Breach'}