{"id":212357,"date":"2026-05-11T17:38:00","date_gmt":"2026-05-11T21:38:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/11\/second-canvas-data-breach-causes-major-disruptions-for-schools-colleges\/"},"modified":"2026-05-12T01:20:13","modified_gmt":"2026-05-12T05:20:13","slug":"second-canvas-data-breach-causes-major-disruptions-for-schools-colleges","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/11\/second-canvas-data-breach-causes-major-disruptions-for-schools-colleges\/","title":{"rendered":"Second Canvas data breach causes major disruptions for schools, colleges"},"content":{"rendered":"<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/a-2nd-canvas-data-breach-causes-major-disruptions-for-schools-colleges\/819784\/\">Second Canvas data breach causes major disruptions for schools, colleges<\/a><\/p>\n<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/a-2nd-canvas-data-breach-causes-major-disruptions-for-schools-colleges\/819784\/\">https:\/\/www.cybersecuritydive.com\/news\/a-2nd-canvas-data-breach-causes-major-disruptions-for-schools-colleges\/819784\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-11 17:38:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.cybersecuritydive.com\">www.cybersecuritydive.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n<p>Dive Brief:<\/p>\n<p>A threat actor once again gained unauthorized access into Instructure\u2019s Canvas learning management system\u00a0on May 7, the ed tech company confirmed on its website. The incident caused disruptions for students and teachers at school districts and colleges nationwide as final exam season is underway.\u00a0<br \/>\nSchools and colleges have had to offer grace periods for missed or late assignments affected by the Canvas outage. Pennsylvania State University, for example, even announced that all tests being administered at night on May 7 and all day on May 8 were canceled after the latest incident.\u00a0<br \/>\nAs of May 8, Instructure reported that Canvas is back online and safe to use. But some districts and universities have temporarily disabled Canvas as the ed tech company investigates the incident.\u00a0<\/p>\n<p>Dive Insight:<br \/>\nThis is the second cybersecurity incident to target the Canvas learning management system within 8 days, according to Instructure. The company announced the first incident on May 1 in a status update on its website.<br \/>\nThe threat actors breached Canvas by exploiting an issue on its Free-For-Teacher accounts during both incidents, on April 29 and May 7, Instructure said. Because of this, the ed tech company said it is temporarily shutting down those accounts \u2014 a core part of the Canvas platform.\u00a0<br \/>\nCanvas is used for student information, including grades, assignments, attendance and course materials.\u00a0<br \/>\nVirginia\u2019s Roanoke County Public Schools issued a statement on the May 7 Canvas incident, noting that \u201csome of our users may have seen a message today related to this incident on their computers when they logged into the Canvas system.\u201d The district further advised students and staff to not engage with the message.<br \/>\nCanvas users at the University of Pennsylvania also saw a message on their system from a cybercrime group known as ShinyHunters, according to The Daily Pennsylvanian, the university\u2019s independent student newspaper. Student publications at colleges across the U.S., including Harvard University, the University of Oklahoma and multiple University of California campuses, reported similar messages.<br \/>\nThe message linked to a list of schools allegedly affected by the ShinyHunters data breaches into Canvas. It said those schools could negotiate a settlement with the cybercrime group by May 12 \u2014 the same deadline given to Instructure.\u00a0<br \/>\nDuring the April 29 breach, Instructure said that Canvas users at affected organizations had certain personal information exposed including names, email addresses, student ID numbers, and messages.<br \/>\nNo further data was accessed on May 7, but an \u201cunauthorized actor made changes to the pages that appeared when some students and teachers were logged in through Canvas,\u201d the company said.<br \/>\nThe Canvas outage and cybersecurity incident \u201chighlights the real-life impact of failing to protect sensitive information collected by schools,\u201d said Elizabeth Laird, director of equity in civic technology at the nonprofit Center for Democracy &#038; Technology, in a May 8 statement.\u00a0<br \/>\n\u201cNot only did this incident interfere with essential learning activities, it has exposed sensitive data about nearly 300 million users, including messages that could include incredibly personal information,\u201d Laird said.\u00a0<br \/>\nAt the same time, Laird pointed to the U.S. Department of Education\u2019s Office of Educational Technology being shuttered last year. The office helped schools with responsible technology use, she said. Additionally, there have been significant funding cuts to cybersecurity supports for schools.\u00a0<br \/>\n\u201cThis is an important wakeup call that schools and the companies that work with them have legal and ethical responsibilities to safeguard students and teachers online in the same ways that they are protected in the classroom,&#8221; Laird said.<br \/>\nInstructure is not the only ed tech company to face a major data breach in recent years. Other recent high-profile cyberattacks include PowerSchool, a cloud-based K-12 software provider, and Illuminate Education, a student information system provider.<br \/>\nThe Canvas incident is a reminder that students and staff in schools have \u201cvery little control\u201d over their mass amounts of sensitive data in ed tech platforms, said Shaila Rana, a cybersecurity professor at Purdue Global and a senior member of Institute of Electrical and Electronics Engineers, a global technical professional organization, in a May 8 statement to K-12 Dive.<br \/>\n\u201cIt\u2019s really the asymmetry: users can\u2019t opt out, can\u2019t meaningfully audit how their data is protected, and are left absorbing the consequences when things go wrong,\u201d Rana said. \u201cWhat makes attacks on platforms like this especially damaging is the infrastructure dependency. It went down during finals week and it disrupted academic continuity across thousands of institutions simultaneously.\u201d<br \/>\nMeanwhile, Kate Brody, policy director at Schools Beyond Screens \u2014 the organization that pushed for Los Angeles Unified School District to limit screen time and devices in its schools \u2014 said in a May 8 statement that the Canvas incident is the \u201cperfect example\u201d for why schools need to \u201cinterrogate their overuse of technology.\u201d <\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Second Canvas data breach causes major disruptions for schools, colleges https:\/\/www.cybersecuritydive.com\/news\/a-2nd-canvas-data-breach-causes-major-disruptions-for-schools-colleges\/819784\/ Publish Date: 2026-05-11 17:38:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":212358,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/imgproxy.divecdn.com\/H6gkPmj5scgUem8nKI9-wAJ_uem5q-JqRVWyzHlN3qY\/g:nowe:0:284\/c:1536:867\/rs:fit:770:435\/Z3M6Ly9kaXZlc2l0ZS1zdG9yYWdlL2RpdmVpbWFnZS85ZmIyM2IxMi1jYjJkLTQwNDctYmQ3OC1mZTMxZWVjMGM1NzYuamZpZg==.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[30,24,34],"class_list":["post-212357","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-breach","tag-cybersecurity","tag-threat-actor"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/212357"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=212357"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/212357\/revisions"}],"predecessor-version":[{"id":212359,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/212357\/revisions\/212359"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/212358"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=212357"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=212357"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=212357"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}