Alleged cyberattack temporarily shuts down Canvas

An alleged cyberattack involving “unauthorized activity” on Canvas -- an education platform widely used by universities and schools across the United States -- caused the site to temporarily shut down on Thursday, officials said.

The company said it confirmed that an unauthorized actor carried out the activity by “exploiting an issue related to our Free-For-Teacher accounts.”

“On April 29, 2026, we detected unauthorized activity in Canvas,” Instructure, the developer and publisher of Canvas, said in a statement posted to its website. “We immediately revoked the unauthorized party’s access, started an investigation, and engaged outside forensic experts.”

“On May 7, 2026, we identified additional unauthorized activity tied to the same incident,” the statement continued. “The unauthorized actor made changes to the pages that appeared when some students and teachers were logged in through Canvas. Out of caution, we temporarily took Canvas offline into maintenance mode to contain the activity, investigate, and apply additional safeguards.”

The data taken in the April 29 incident included personal information of users at affected organizations, including names, email addresses, student ID numbers and messages among Canvas users, the company said.

“We have found no evidence that passwords, dates of birth, government identifiers, or financial information were involved,” Instructure said.

The company also said it encountered the same issue the prior week that led to "unauthorized access."

"As a result, we have made the difficult decision to temporarily shut down Free-For-Teacher accounts. These accounts have been a core part of our platform, and we're committed to resolving the issues with these accounts," Instructure said.

Canvas is now fully back online and available for use, Instructure noted.