Massive data breach affects schools using Canvas nationwide, including U of I, Illinois State

CHICAGO -- Universities and schools K-12 across the country, including the University of Illinois and Illinois State University have been impacted by a massive data breach targeting a system widely used by students and faculty.

The breach involves Instructure, the parent company of Canvas, a web-based learning management system used daily by educators and students for coursework, assignments and communication. Thousands of institutions and millions of users have reportedly been affected, including the University of Pennsylvania.

According to the university's newspaper The Daily Pennsylvanian, the hackers reportedly wrote in Penn's Canvas page that any university that does not wish to have its data released should contact the group before May 12.

Students at Penn said they have not received official communication about the incident, though some are aware of the reports. Experts are urging vigilance as the situation develops.

"The one thing that stands out with this attack is its sector-wide. We have a vendor that's used by almost the majority of education institutions around the country," said Rob D'Ovidio, an associate professor in Drexel University's Department of Criminology.

Canvas plays a central role in students' academic routines, serving as a hub for assignments, schedules and communication.

"We use canvas for all our classes, usually professors put our assignments on there, pretty big part of our day-to-day life," said Charles Shen, a junior.

"I think everything these days is all on Canvas, even for my calendar," said senior Eric Zuckerman.

While experts say highly sensitive personal information such as Social Security numbers, passwords and usernames has not been compromised. Other data has been exposed, including names, email addresses, messages and student ID numbers.

Still, students remain a prime target for scammers who may use the information obtained in the breach to launch phishing attacks or other fraudulent schemes.

"If I was a Canvas user at an institution that was compromised, I'd be on the lookout for phishing attacks," D'Ovidio said.

Experts believe the group behind the breach may not use the data directly but could sell it to others, increasing the likelihood of targeted scams.

"Once they get this basic information, name, student ID, email, you become an increased risk you'll be targeted," D'Ovidio said.

Despite the scale of the breach, some students say cyber incidents have become so common that they no longer come as a surprise.

"It's almost like this desensitization," said Sarah Parmet, a freshman.

The group responsible for the breach is reportedly demanding a large payout from affected institutions and is threatening to release the data if payment is not made. Experts recommend against paying such demands and instead advise affected users to monitor their accounts closely and be cautious of suspicious emails or messages.

As school institutions assess the extent of the breach, officials and cybersecurity experts continue to urge caution among students and staff who rely on the platform every day.

The University of Pennsylvania did not immediately respond to a request for comment.

U of I said, "Canvas, our learning management system, is offline due to an ongoing cybersecurity incident. We are awaiting information from Instructure, the parent company of Canvas, as to when the service will become available again. Until the vendor can solve this problem, course materials will be unavailable. This issue is affecting universities across the country. Members of university leadership are discussing next steps, with sensitivity to the impacts on students and instructors during the final exam period. For status updates, please visit go.illinois.edu/2026-canvas-incident."

ISU said, "The Canvas learning management system is currently experiencing an unexpected outage affecting universities nationwide, including Illinois State University. At this time, the cause of the outage and an estimated time to resolution are not known. We are monitoring the vendor's communications and keeping our campus community updated."

Northwestern University said, "Northwestern IT continues to monitor the issue affecting Canvas. The vendor is aware and investigating the issue. We can also confirm that other institutions are experiencing the same impact."

The University of Chicago said, "Instructure, the provider of Canvas, has publicly disclosed a cybersecurity incident affecting their environment. The University of Chicago has no evidence of unauthorized activity affecting UChicago Canvas accounts at this time. However, we have temporarily disabled the Canvas Login until the service is available again."