Canvas cyberattack and how KY schools were affected
Canvas cyberattack and how KY schools were affected
https://spectrumnews1.com/ky/louisville/news/2026/05/08/canvas-cyberattack-kentucky-schools
Publish Date: 2026-05-08 12:17:00
Source Domain: spectrumnews1.com
Using an unordered list, summarize the following article with between 4 and 8 key points. LOUISVILLE, Ky. — A widespread cyberattack affecting the Canvas learning management system disrupted access for schools and universities Thursday, including institutions in Kentucky, as students prepared for final exams and districts worked to assess any local impact.
What You Need To Know
Cyberattack disrupts access, impacting Kentucky schools like UK and Fayette County Public Schools
Investigations underway; no confirmation of Kentucky student data breaches yet
FCPS cautions against phishing attempts following Canvas breach
Kentucky schools are modifying exam schedules and plans in response
Canvas, which is used to manage grades, assignments, course materials and lecture content, went offline as cybersecurity investigators looked into the incident. The hacking group ShinyHunters has claimed responsibility, according to Luke Connolly, a threat analyst at the cybersecurity firm Emisoft.
Instructure, the company behind Canvas, has said it is still investigating. In a statement, the company said that “thus far, indications are that the information involved consists of certain identifying information of users at affected institutions, such as names, email addresses, and student ID numbers, as well as messages among users.” The company added that it has found no evidence that passwords, dates of birth, government identifiers or financial information were involved.
In Kentucky, the University of Kentucky told reporters with the Kentucky Kernel, it has no indication so far that records belonging to UK students or faculty were stolen in the breach. UK spokesperson Jay Blanton told the Kentucky Kernel he currently has no knowledge that UK records were taken.
Fayette County Public Schools also confirmed the incident is affecting its use of Canvas, which is the learning management system for students in grades 6 through 12. In a message to families, the district said Canvas and related services were unavailable as of 10 p.m. Thursday.
FCPS said the cybersecurity incident involves Instructure and school districts across the country, but stressed that the district’s internal network and systems were not involved. The district also said it does not yet have confirmation that any student data was accessed inappropriately by a third party.
The district warned families to be especially alert for phishing attempts, noting that cybercriminals often use names and email addresses exposed in leaks to send fraudulent messages. FCPS urged people to be cautious of any email asking them to click a link or provide a password, even if it appears to come from a school or from Canvas.
FCPS said teachers would adjust classroom plans as needed while the platform remains unavailable. The district also said it is reviewing its security measures and following all vendor-provided security protocols, with additional updates to come if needed.
Elsewhere in Kentucky, Spectrum News reached out to the University of Louisville, Eastern Kentucky University, Western Kentucky University and Northern Kentucky University to ask whether they were affected. A spokesperson for the University of Louisville said the school does not use Canvas. Western Kentucky University spokesperson Jace Lux said, “We are not aware of any effects to WKU.” Spectrum News had not yet heard back from Eastern Kentucky University or Northern Kentucky University.
Nationally, students and faculty reported being unable to access class materials, grades and assignments during a critical stretch of the academic term. Some colleges around the country said they were considering or implementing changes to final exam schedules as a result of the outage.
The attack underscores how heavily schools now rely on digital platforms to manage day-to-day instruction — and how disruptive a cybersecurity breach can be when it hits near the end of a semester.
