Update, May 9, 11:59 p.m.: Partial access to Canvas was restored Saturday evening, ending a temporary block of the site in the aftermath of an alleged data breach. UChicago is “working with Instructure to better understand how University data may have been affected” by the security breach, Chief Information Officer Kevin Boyd wrote in an email to students.
A criminal hacking group claimed to have stolen sensitive UChicago account data from Instructure, Canvas’s parent company, in a message that briefly appeared on UChicago’s Canvas site Thursday. The group gave UChicago and Instructure a Tuesday night deadline to contact them before it released the data.
The initial message from the hacking group, ShinyHunters, had been replaced by a notice that Canvas was undergoing regularly scheduled maintenance by 3:35 p.m.
ShinyHunters, which has been active since 2019, has previously targeted a variety of organizations, including Salesforce, AT&T, and the University of Pennsylvania. The group has either attempted to sell or solicit ransoms from targets in exchange for deleting the data.
“ShinyHunters has breached Instructure (again). Instead of contacting us to resolve it they ignored us and did some ‘security patches,’” the message read, instructing affected schools to contact them privately via the encrypted messaging platform TOX to “negotiate a settlement.”
UChicago IT wrote in an alert shortly afterward that there “is no direct evidence at this time of unauthorized activity affecting UChicago Canvas accounts,” and said the office had temporarily disabled UChicago’s Canvas login page. Canvas is still inaccessible at the time of publication.
UChicago is one of about 8,800 schools, school districts, and other institutions included on a list of “affected schools” whose data ShinyHunters claimed to have breached. Other universities on the list, including Harvard and Princeton, also reported Canvas outages.
Hyde Park’s Chicago Theological Seminary and Chicago Public Schools, as well as other Chicago-area institutions, are also on the ShinyHunters list.
“Instructure has indicated that the incident is being actively investigated with outside experts,” Chief Information Officer Kevin Boyd and Chief Information Security Officer Matt Morton wrote in an email to students Thursday night.
“The Canvas service is currently unavailable for all customers due to a widespread cybersecurity incident affecting the platform,” they wrote in the email. “The University is working with Instructure to restore Canvas as quickly as possible and to understand the impact of the incident.”
This is a developing story.
GarbageMan / May 8, 2026 at 6:03 pm
Dr. Evil and Blofeld teamed up to extort 1 billion dollars.