Due to a cybersecurity event allegedly executed by ShinyHunters — a criminal hacking group — Canvas is currently down for the University and approximately 9,000 schools nationwide. Information involved in the data breach “consists of certain identifying information of users at affected institutions, such as names, email addresses, student ID numbers [and] messages among users,” an Instructure report reads.
Instructure is the parent company of Canvas, a learning management platform that 41 percent of higher education institutions use nationwide to deliver courses, including the University.
“Canvas is currently undergoing scheduled maintenance,” the University’s Canvas access page for students currently reads. Final examinations are still occurring at the University and are set to conclude Friday, but University students lost Canvas access Thursday afternoon.
As reported by Inside Higher Ed, students and faculty nationwide first began experiencing disruptions to the Canvas workflow last week, and ShinyHunters sent the message “PAY OR LEAK” to Instructure soon after the disruptions began.
ShinyHunters is a group believed to have formed in 2019 and been behind various other instances of data breaches. Notable data breaches by the group include its 2024 Ticketmaster breach and its 2025 breaches targeted at the University of Pennsylvania, Harvard University and Princeton University.
J.J. Wagner Davis, executive vice president and chief operating officer, Brie Gertler, interim executive vice president and provost and Kelley Doney, vice president and chief information officer, sent an email addressed to University students, faculty and staff Thursday evening confirming Canvas is unavailable, which is in line with outages of the platform occurring nationwide.
“Based on the information currently available, we believe Instructure has taken Canvas offline as a preventative measure. Institutions worldwide are experiencing similar impacts,” the email read. “We know this disruption comes at an especially difficult time … We ask everyone to extend patience and grace to one another as we come together as a University to work through this unprecedented disruption.”
The email asked students to monitor their emails for messages from instructors, and it asked faculty and instructors to proceed with exams and assignments that are not dependent upon Canvas’ resources.
According to an update posted on the “Instructure Cybersecurity Incident Updates” UVACanvas page with a 2 p.m. timestamp, the University is monitoring the recent cybersecurity incident, and Instructure confirmed that the University was affected by the threat actor who has obtained data associated with University Canvas accounts.
“To further enhance security in UVACanvas and UVACanvas Connect, ITS is conducting an audit of access points for both systems and is working with third-party tool providers to review their integrations as needed,” the latest 2 p.m. update read. “There is no action required from schools, faculty, staff or students at this time.”
On the University’s Information Technology Services page, the most recent update at 4:45 p.m. says Canvas is still unavailable, and “the estimated time to restoration is unknown.”
Steve Proud, Instructure chief information security officer, posted an Instructure incident report Friday of last week after disruptions began across the nation.
“Instructure recently experienced a cybersecurity incident perpetrated by a criminal threat actor. We are actively investigating this incident with the help of outside forensics experts,” the report read.
The following day on Saturday, Proud updated the incident page. In the update, he said Instructure is continuing to actively investigate, and he clarified that the information involved in the breach consists of identifying information of users at affected institutions.
Proud also wrote Saturday that Instructure found no evidence that information regarding passwords, dates of birth, government identifiers or financial information were involved. If that changes, he said Instructure will notify any impacted institutions. No updates have been posted by Instructure since an update Wednesday, which said Canvas is fully operational, and the company is “not seeing ongoing unauthorized activity.”
While Canvas is down, some University professors with classes still in session have emailed students the course content, with finals still set to occur tomorrow. Many teaching assistants for courses have also sent students Canvas resources via Google Drive folders to enable students to study.
In one course — LPPS 3280 “Lessons in Leadership: JFK and the Most Personal Office” — the professors administered a take-home exam that students could take between 2 p.m. Wednesday and 5 p.m. Friday.
Thursday evening, Ken Stroupe, associate director and chief of staff at the Center for Politics and a co-instructor of the course, emailed enrolled students regarding the Canvas outage. According to Stroupe’s email, about half of the class had completed the exam prior to the shutdown. Stroupe said that for those who were in the process of taking the exam or planned to take it later, he and his co-instructor are “considering alternative arrangements” in case the University does not resolve the issue in time.
“We are very sorry for the added stress this [outage] creates,” Stroupe’s email to students read.
Another professor of PLAN 3040 “Metropolis” emailed her students Thursday night after the outage. The course had a take-home exam due Wednesday at 11:59 p.m., and the professor said she was “part way through grading” when Canvas went down. The professor asked students to email her a copy of their exam to ensure grading is not delayed.
Other collegiate newspapers including Collegiate Times reported a message appearing on Canvas from ShinyHunters asking that the schools affected respond to the threat in order to avoid personal information data leakages.
"If any of the schools in the affected list are interested in preventing the release of their data, please consult with a cyber advisory firm and contact us privately at TOX to negotiate a settlement. You have till the end of the day by 12 May 2026 before everything is leaked,” the ShinyHunters message on Canvas read according to the Collegiate Times.
Many other Virginia schools besides the University were also listed, according to News 3, including Virginia Commonwealth University, Old Dominion University and many K-12 public school systems in the Commonwealth. Many Virginia public schools use Canvas and could be affected by the breach — the Virginia Department of Education funds Canvas for all Virginia public school systems as a Statewide Learning Management System.
Various other colleges have reported Canvas outages resulting from the breach, including Oklahoma University, Duke University, Harvard University, Stanford University and the University of Utah.
Read More
Blue books return in an effort to combat AI usage
By Lidia Zur Muhlen | 23 hours agoAccording to the University Bookstore Executive Director Cristy Huffman, the University has seen a roughly 27 percent increase in blue books sales from April 2024-25 to April 2025-26.
University professors weigh in on birthright citizenship
By Abigail Larkin | 23 hours agoFrost, who testified to Congress Feb. 25, 2025 on the constitutionality of birthright citizenship, explained that the executive order challenges the traditional interpretation of the Citizenship Clause of the 14th Amendment.
Jefferson Trust awards 17 student-led projects Flash Grants
By Lucia Gambacini | YesterdayAccording to Andrea Seese, associate director of promotions and events, Flash Grants are capped at $10,000 per recipient and awarded throughout the semester.
