Cyber Incident Victim: University of Sydney
Date:
May 2026
Location:
Australia
Summary
A cyber attack claimed by the hacking group ShinyHunters disrupted the Canvas learning management system used by thousands of universities and schools worldwide, affecting an estimated nine thousand institutions. The University of Sydney informed students that Canvas was unavailable and advised them not to attempt to log in, noting the outage interfered with coursework and examinations during a critical period. Other institutions responded by postponing or canceling exams and advising users to log out, while ShinyHunters reportedly contacted some universities with ransom demands and threats to release data. Instructure, the owner of Canvas, worked to restore service and reported that the platform was available for most users, though some campuses continued to experience outages.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On May 8 2026, a cyber attack disrupted Canvas, the learning management system owned by Instructure, affecting approximately nine thousand educational institutions worldwide. The hacking group ShinyHunters claimed responsibility for the attack, which began with threatening messages appearing on Sunday and continued through the week. By late Thursday, Instructure posted an update indicating that Canvas was available for most users, but many institutions continued to experience outages.
The University of Sydney notified students on Friday that Canvas was unavailable and advised them not to attempt to log in. The university explained that it was one of about nine thousand institutions impacted by the outage and that it was awaiting further guidance from Instructure. The disruption interfered with coursework and examinations, which the university described as especially disruptive given the critical point in the semester.
In response to the outage, the University of Sydney joined other institutions in adjusting assessment schedules. Mississippi State University postponed its Friday final exams, Idaho State University cancelled exams scheduled after 12:00 local time, and Penn State University cancelled some exams set for Thursday and Friday. The University of British Columbia informed students that Canvas was unavailable due to a cyber breach of Instructure’s parent company and urged them to log out immediately, while the University of Toronto confirmed it was also affected.
Screenshots shared by the Chicago Maroon showed a message from ShinyHunters demanding contact to negotiate a settlement and threatening the release of data. A Northwestern University graduate student described receiving the same message after clicking a link in an email that appeared to come from a university administrator, noting that his university later issued a generic statement indicating it was monitoring the issue without providing an estimated restoration time. The student reported continued inability to access Canvas on Friday and expressed anxiety about completing work and potential data exposure. The attacks occurred on the same day that Senator Chuck Schumer urged the Trump administration to increase defenses against cyber risks linked to advancing artificial intelligence, calling for the Department of Homeland Security to assist states and localities.