Highline College’s Canvas goes down in a ransomware attack by hacker group, ShinyHunters, who are using a “pay or leak” extortion framework. Nearly all 30 million users of the online learning platform lost access to the site today in a nationwide attack that followed an earlier attempt this past weekend. 

Canvas is down for its nearly 30 million users across the country in the ransomware attack. Hacker group ShinyHunters, formed in 2019, gained control of the site Thursday morning, leaving a message that read, “You have till the end of the day by 12 May 2026 before everything is leaked.” 

The entire message was removed by Instructure, Canvas’ parent company, and replaced with a scheduled maintenance message. 

Vice President Josh Gertsman said, “This is a nationwide incident. We are working with the SBCTC and Instructure to understand the full extent of this incident. We hope to have an update by Friday morning. We recognize this is causing a disruption to instruction & we ask students, faculty and staff to read the updates and do not respond to any emails or communications asking them to log on until our IT Help Desk or College Leadership communicates that the situation is addressed and resolved.” 

Over the past weekend, ShinyHunters targeted select colleges’ and universities’ Canvas systems. It was confirmed by Instructure that Highline was one of the targets. 

Highline College officials stated, “Instructure believes that some user-identifying information was stolen, including name, email address, student ID number, and messages sent on Canvas. They believe that passwords, birthday, Social Security number, and bank information were NOT affected.“ 

Officials with Highline’s Education Technology (EdTech) department implemented an IT security response process and began working with state officials. 

The ransomware attack went nationwide Thursday, shutting down access across the country as the final weeks of spring quarter. 

In ShinyHunter’s initial message as part of the Thursday morning attack, they stated, “ShinyHunters has breached Instructure (again). Instead of contacting us to resolve it they ignored us and did some ‘security patches’.”

The group uses a “pay or leak” extortion framework; threatening the release of information if schools do not reach a settlement. 

Other schools across the state affected by the attack include the University of Washington, Central, Western, and Eastern Washington University. 

Updates on the status of Canvas can be found at the Instructure Status Page.

This is a developing story.

**Mavrie has been serving as editor for the ThunderWord since 2024. She is also the founding president of Highline’s Non-fiction Writers Circle.**