Canvas Hacked: ShinyHunters Steals 275M Records, 9K Schools, May 12 Extortion Deadline

# Canvas Hacked: ShinyHunters Steals 275M Records, 9K Schools, May 12 Extortion Deadline

> **Quick answer:** On May 7, 2026, cybercrime group ShinyHunters breached Instructure — the company behind Canvas LMS — and stole 3.65 terabytes of data covering 275 million records from 8,809 educational institutions worldwide. Stolen data includes student names, emails, student IDs, and private teacher-student messages. ShinyHunters has issued a hard deadline of May 12, 2026: pay, or everything gets leaked publicly. Canvas serves 41% of all higher education institutions in North America, meaning the breach almost certainly includes your school.

The Canvas hack of May 2026 is already being called the largest educational security breach on record. If you or anyone you know attends a college, university, or K-12 school that uses Canvas, the clock is now running on a data exposure event that could affect hundreds of millions of private conversations, student records, and institutional files — all of it set to go public by end of day May 12 unless a ransom is paid.

## What Happened: ShinyHunters Defaced Canvas Logins and Issued a "PAY OR LEAK" Ultimatum

Instructure, the Salt Lake City-based company that operates Canvas LMS, confirmed a cybersecurity incident beginning May 1, 2026. The situation escalated sharply on May 7, 2026 at approximately 1:20 PM PDT, when students and faculty across the globe logged into Canvas and saw something they had never seen before: the login page replaced by a ShinyHunters ransom message.

The message was blunt: approximately 8,809 institutions have until the end of day May 12, 2026 to pay an undisclosed ransom. If payment is not made, ShinyHunters will publicly release the full 3.65 terabytes of stolen data.