Georgetown is instructing students to not use Canvas, the university’s learning management system (LMS), after a cybercriminal group claims to have gained unauthorized access to the system on Thursday. The group, who refer to themselves as “ShinyHunters,” are allegedly holding sensitive student and faculty data for ransom. The group is threatening to leak the data unless Canvas’ parent company, Instructure, meets its demands, stating “You have till the end of the day by 12 May 2026 before everything is leaked.”
The Canvas landing page currently displays ShinyHunters’ message, including a download link to view all affected schools and the group’s webpage. They advise “if any of the schools in the affected list are interested in preventing the release of their data, please consult with a cyber advisory firm and contact us privately at TOX [a secure messaging platform] to negotiate a settlement.”
Since this attack is on Instructure, not Georgetown directly, it remains unclear if the University is directly in talks with the group.
ShinyHunters is a financially motivated cybercriminal group that focuses on stealing large datasets from companies and institutions. They extort them for profit in a “pay-or-leak” style of ransomware attack, in which stolen data is published if victims refuse to pay. They have built a strong reputation for successfully leaking datasets.
In an email sent Thursday at 6:08 p.m.by Doug Little, Chief Information Officer, Norman J. Beauchamp Jr., Executive Vice President for Health Sciences, Soyica Diggs Colbert, Interim Provost, and Joshua C. Teitelbaum, Interim Dean and Executive Vice President at Georgetown Law Center, students were asked to not log into Canvas or attempt to launch the site in any way.
“In light of this security breach, Canvas is currently not available to the Georgetown community. For community members’ safety and security, the login button has been removed from our Canvas site. Please do not attempt to log into Canvas until an all-clear HOYAlert is sent,” the email instructs.
Georgetown joins the list of 9,000 other schools that have faced a cyberattack by the group within the last week, including all eight Ivy League universities, MIT, and Duke. ShinyHunters claim to have stolen information affiliated with 275 million students, teachers, and others closely associated with the affected institutions. Reporters at The Daily Pennsylvanian, the University of Pennsylvania’s news outlet, contactedShinyHunters and were given confirmation that the group had stolen student data
The Georgetown Canvas page currently states “Canvas is down worldwide. Georgetown is working with Instructure to restore services.” The Instructure website claims that Canvas, Canvas Beta, and Canvas Test are unavailable and that the issue is being investigated as of 2:41 p.m., and Canvas LMS is under maintenance.
The breach finds students right in the midst of exam season, with the last day of exams coming up in two days on Saturday, May 9.
“We ask that faculty be flexible where possible with final exam, project and paper deadlines. Students, please email your instructor directly if you have time-sensitive questions,” the email said.
Instructure is a LMS used by 50% of all colleges and universities in North America. Other targets by ShinyHunters have included Ticketmaster, education publisher McGraw Hill, and Google, but in these cases the companies have publicly denied paying or have explicitly refused to negotiate.
