Cyber Incident Victim: University of British Columbia
Date:
May 2026
Location:
Canada
Summary
A cyber attack claimed by the group ShinyHunters targeted the Canvas learning management system owned by Instructure, causing widespread outages at universities and schools in multiple countries. The University of British Columbia informed students that Canvas was unavailable due to the breach and advised them to log out, while other institutions reported exam cancellations, postponed assessments, and difficulties submitting work. Instructure later indicated that service was restored for most users, though some campuses continued to experience disruptions affecting coursework and examinations.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On Thursday evening the University of British Columbia in Vancouver issued an update to students stating that the Canvas learning platform was unavailable due to a cyber breach of its parent company Instructure and advising users to log out immediately. The attack on Canvas was claimed by the hacking group ShinyHunters, which targeted the academic software used by thousands of schools and universities worldwide. By late Thursday Instructure reported that Canvas was available for most users but acknowledged that some institutions continued to experience outages on Friday. The cyber incident affected an estimated nine thousand institutions across the United States, Canada, Australia and other regions, disrupting coursework, examinations and assignment submissions.
Various universities responded to the outage with specific measures: Mississippi State University postponed Friday’s final exams to allow students to recover lost work, Idaho State University cancelled exams scheduled after 12:00 local time on Thursday, and Penn State University announced that no one had access to Canvas and cancelled some exams for Thursday and Friday while noting a resolution was unlikely within the next twenty‑four hours. The University of Toronto confirmed it was impacted and said multiple universities were affected, while students at the University of California Los Angeles reported difficulty submitting assignments through Canvas and the University of Chicago temporarily disabled its Canvas page after being targeted. The University of Sydney informed students that Canvas was unavailable and advised against logging in, noting it was one of approximately nine thousand institutions awaiting guidance from Instructure.
ShinyHunters distributed a ransom‑demanding message that was posted by the Chicago Maroon, urging private negotiation to avoid data release, and the same message was received by a Northwestern University masters student who described feeling anxious about unfinished work and potential data exposure. Northwestern responded with a generic email stating it was monitoring the issue, had no estimated restoration time for Canvas and confirmed other IT infrastructure remained unaffected. Threat analyst Luke Connolly of Emisoft noted the threats began on Sunday with deadlines set for Thursday and 12 May, and indicated discussions about extortion payments could be ongoing. On the same day as the attacks, Senator Chuck Schumer wrote to the Trump administration urging stronger cyber defences in the era of AI and called on the Department of Homeland Security to assist states and localities.