A massive cyberattack targeting the Canvas online learning platform disrupted schools and universities nationwide during finals week, including the University of Washington (UW) and Washington State University (WSU), after hackers threatened to release sensitive student and school data.
The breach, tied to the hacking group Shiny Hunters, is being described by cybersecurity experts as one of the most disruptive education-related cyberattacks in years.
KIRO Newsradio talked with cybersecurity expert and owner of Advanced Cyber Law, Cristin Flynn-Goodwin, about the breach and the attackers known as Shiny Hunters.
“This is a cybercriminal group. They’ve been around since about 2019 or so. It’s mostly teenagers and young adults,” Flynn-Goodwin explained. “The best way to think about it is like a gang of really talented cyber hackers, and this gang, or cybercriminal group, attacks sophisticated companies and extorts them for large amounts of money.”
Canvas parent company Instructure said late Monday it reached an agreement with the hackers to secure the return and deletion of stolen data affecting schools and universities across the country.
“Instructure has confirmed all stolen data has been returned and deleted,” the company said in a statement, adding that the agreement covers all affected customers and schools should not attempt to negotiate with the hackers individually.
The outage created chaos for students and faculty at a critical time in the academic year as users suddenly lost access to lecture notes, assignments, grades, and online testing tools.
“Canvas is used by higher education and a lot of schools, including private schools here in the Seattle area, and some K through 12 schools around the country,” Flynn-Goodwin said. “It’s a platform for managing assignments that students and teachers can communicate, grades parents can log in and see assignments, and so there’s all of that data that accumulates over the course of a school year, and so that data is what the attackers can go in and then steal.
Shiny Hunters impacted 9,000 schools with hack
Hackers also allegedly displayed ransom messages on student screens, threatening to publish sensitive data unless schools paid by a specified deadline. On May 5, Flynn-Goodwin said Shiny Hunters published a list of almost 9,000 schools impacted, including eight Ivy League schools and multiple community colleges.
“There are also schools here in the area, private schools that use Canvas, and they were unable to log in. They were unable to use Canvas,” Flynn-Goodwin said. “Some of those kids were taking advanced placement exams, because if you’re a senior, this is advanced placement week for high school students.”
Flynn-Goodwin also warned that universities are frequent ransomware targets because they store large amounts of personal, financial, and research data.
“When you think about what the effect of the attack is, it’s building a lot of pressure on the students. The attackers are young people, and they know and understand their targets; they understand the technology extremely well. They pick them and they time them on purpose, because they know that the likelihood of payment is going to go up the higher the demand and the stress for getting that service back online is going to be,” Flynn-Goodwin said. “And there is no greater time for Canvas to be online than when all of its higher education, when all the colleges and universities and all of the high schools are either crashing on finals or AP exams.”
The incident has also drawn federal attention. The House Homeland Security Committee has reportedly requested a briefing from Instructure regarding its response to the breach and coordination with affected institutions. Experts are also urging students and families to monitor financial accounts, be cautious of unsolicited emails, and take advantage of any free credit monitoring services offered through their schools.
For students using financial aid systems, exposed information could include personally identifiable details such as Social Security numbers and banking and account information.
“Students, educators and parents should be on the lookout for targeted phishing emails that know your professor’s name or your name and your grade level you’re in, because they can use stolen Canvas messages to make fake emails look very, very real. Now they’re going to know a lot of information about you, and so just be aware of phishing emails,” Flynn-Goodwin said. “Older students who have financial aid, if you’re a high schooler or college student, and you have any FAFSA data, your financial services, financial aid data that might be linked through Canvas, that might have your social security number … you might want to start to monitor for that and look for some free credit reporting that might come out at some point.”
Follow Luke Duecy on X. Read more of his stories here. Submit news tips here.
This story was originally posted to MyNorthwest.com
©2026 Cox Media Group
