Canvas’ parent company says the learning platform is safe to use, but that they were forced to shut down one of its services.
WASHINGTON — After a cybersecurity hack of Canvas interrupted learning for more than 8,000 schools and colleges around the country, the site’s parent company said Friday the learning management system is back.
“Canvas is fully back online and available for use,” was the pledge from Infrastructure, Canvas’ parent company.
The announcement comes after many of its platforms at thousands of K-12 schools and institutions, including Harvard University and the University of Michigan, were unavailable on Thursday during the heart of finals exam season. The same day, an ominous message from hackers threatened to release personal data if a settlement was not reached.
The sites, which normally store lesson plans, homework and modules for K-12 schools and universities, started reporting problems Thursday morning.
The hacking group, which identified itself as “ShinyHunters,” gave the software company and schools an ultimatum before they threatened to begin leaking personal data.
“If any of the schools in the affected list are interested in preventing the release of their data, please consult with a cyber advisory firm and contact us privately,” the hackers wrote in a message on a dark web leak site, warning institutions that they had until next Tuesday to make a deal.
ShinyHunters hackers, who pride themselves in “rooting your systems since ’19,” have claimed responsibility for similar system hacks, including against software company Salesforce in 2025.
This wasn’t the first time Infrastructure encountered these same hackers, which the tech company referred to as an “unauthorized party.” According to a Friday “Security Incident Update” from Infrastructure, the same group had breached Canvas’ cybersecurity on April 29.
“We immediately revoked the unauthorized party’s access, started an investigation and engaged outside forensic experts,” Infrastructure said about the April encounter. The company warned impacted schools on Tuesday about the breach from six days earlier.
According to Infrastructure, the FBI, the U.S. Cybersecurity and Infrastructure Security Agency and international groups were contacted about the hack.
How did the hackers carry out the attack?
Free-for-Teacher, a program that allows educators to sample Canvas even if their school or institution isn’t a customer, was the entry point for hackers, Infrastructure says. The tool, which advertises itself as “open, accessible and educator focused,” was breached both in the April encounter and the hack this week.
Following the attack, Canvas will temporarily close Free-For-Teacher accounts.
“We have made the difficult decision to temporarily shut down Free-For-Teacher accounts,” Infrastructure wrote on its site. “These accounts have been a core part of our platform and we’re committed to resolving the issues with these accounts.”
About 76,000 teachers have used the Free-For-Teacher service since it was launched in 2022, according to internal data from Infrastructure.
Was personal data taken during the attack?
Some data was taken during the April 29 breach, including email addresses, student ID numbers and messages among Canvas users.
“We have found no evidence that passwords, dates of birth, government identifiers or financial information were involved,” Infrastructure wrote.
According to the tech company, there was no evidence that data was taken during the Thursday hack.
“The investigation is ongoing, and we’ll share more information when things are verified,” Infrastructure wrote.