Canvas, a learning management system managed by Instructure and used by the University of Miami, went offline on Thursday, May 7, following a data breach.
UM has been transitioning from Blackboard Learn to Canvas — which already hosts more than 8,000 academic institutions — since fall 2025.
Instructure announced on May 1 that it had detected “unauthorized activity in Canvas” on April 29 and started an investigation.
An update the following day disclosed that the information stolen included personal data like names, email addresses, student ID numbers and messages between Canvas users. Instructure “identified additional unauthorized activity tied to the same incident” on May 7.
So far, there is no evidence that financial information, passwords or government identifiers were involved in the data breach.
“Instructure.com is still working on its investigation of the recent unauthorized activity across its systems,” said the University in a statement to The Hurricane. “You can follow the latest updates from Instructure.com on the ‘Security Incident Update & FAQs’ site.’”
At the time of publication, the University has not clarified whether UM students or faculty were impacted by the hack.
On Thursday, a group called ShinyHunters took credit for the hack. Students who tried to log onto the platform found a message from the group instead of the Canvas page.
A threat analyst at Emsisoft security firm described ShinyHunters as a “loosely affiliated” group of teens and young adults based in the U.S. and the United Kingdom.
According to The New York Times, the note read that ShinyHunters had breached Instructure “again” after the company “ignored [them] and did some ‘security patches.’”
The group said they stole data from nearly 9,000 schools and 275 million people, according to a ransom note shared on May 3 by Ransomeware.live — a site that monitors ransomware group leak sites.
The hackers gave Instructure a deadline of May 6 to contact them before they leaked the data “along with several annoying (digital) problems that’ll come your way.”
“Pay or Leak,” the note read. “Make the right decision, don’t be the next headline.”
ShinyHunters has also taken credit for numerous other high-profile hacks, including trying to sell Ticketmaster data on the dark web in 2024 and stealing more than one million of Harvard’s records in February.