Update Appended (May 8, 10:47 a.m.): This article has been updated to reflect that Canvas access was restored.
On Thursday afternoon, Dartmouth students lost access to the Canvas website after the criminal extortion group ShinyHunters allegedly “breached” Instructure, Canvas’s parent company. Canvas was available again at 11:17 p.m. on May 8, according to Instructure. Approximately 9,000 schools were affected, according to Ransomware.live, which “tracks and monitors ransomware groups’ victims and their activity.”
ShinyHunter’s ransom note was visible on Canvas, according to multiple university newspapers.
“If any of the schools in the affected list are interested in preventing the release of their data, please consult with a cyber advisory firm and contact us privately at Tox [an encrypted communication channel] to negotiate a settlement,” ShinyHunters wrote. “You have till the end of the day by 12 May 2026 before everything is leaked.”
The Information, Technology and Consulting office wrote in a campus-wide email on May 7 that Canvas is “currently inaccessible to Dartmouth users due to an ongoing global security incident.”
“This is a vendor-driven, international event affecting thousands of institutions,” ITC wrote.
In a second email to campus on the morning on May 8, ITC wrote that Canvas access was “an outage resulting from a global security incident.”
At 4:41 p.m., Instructure posted an update that the company is “currently investigating this issue.”
College spokesperson Jana Barnello declined to comment further.
ShinyHunters has taken credit for multiple past cyber attacks on education technology companies.
On May 1, the group allegedly hacked Instructure, demanding the company “pay” or expect a leak of “several billions of private messages among students and teachers and students and other students involved, containing personal conversations.”
Iris WeaverBell ’28 is a reporter and editor. She is from Portland, Ore., and is majoring in economics and minoring in public policy.
