Around 4 p.m. yesterday, May 7th, Instructure was hacked. Instructure is the company that runs Canvas, the educational system that K-12 schools, as well as universities, use across the United States. The website has more than 30 million global users daily, as reported by CNN, meaning this shutdown has a colossal effect, but MCCSC released a statement saying that there has been “no local evidence of accounts being compromised.”
The IU Kelley School of Business professor Kari Johnson shared that a coworker of hers was administering a final on Canvas when the students’ screens went black. A message popped up saying this was the work of ShinyHunters, a cyber criminal group that has been breaching systems since 2019.
In their message, ShinyHunters demanded that the affected schools “consult with a cyber security firm and contact [them] privately at TOX to negotiate a settlement.” If the schools don’t comply by the end of the day on May 12th, 2026, all of their data will be leaked.

This hack-attack was not as random as it seems. ShinyHunters had breached the Instructure system on May 1st, 2026, a CNN article detailed. Instructure was believed to have “contained” the breach, but ShinyHunters sent them a message saying they “breached 275 million individuals’ data and had access to ‘several billion private messages.’” They told Instructure they had until May 6th to contact them, and when the company failed to respond, the hackers struck again.
As of this morning, May 8th, Instructure says that their systems are back online and “Canvas is now available for most users.” However, MCCSC has asked students and staff to stay logged out for the time being to stay on the safe side.
[Edit]: At 12:03 p.m. on May 8th, MCCSC sent a follow up email saying that some data “may have been accessed from Canvas,” including: student names; MCCSC student email addresses and ID numbers; messages sent on Canvas; and any other contact information on user profiles.
MCCSC has temporarily disabled Canvas and Skyward as a precaution. They warn MCCSC students to be cautious, but not to stress because one’s “MCCSC student ID number is not tied to any of [their] personal ID numbers,” and student emails are only able to receive emails from other MCCSC emails, so no student should be sent random emails.
