Access to the Canvas platform was disrupted for students at Penn on Thursday afternoon, coinciding with the first week of Final Examinations. The cybercrime group ShinyHunters claimed responsibility for the breach, which follows their earlier attack on Instructure, the company that operates Canvas, last week. An ultimatum was issued by the hackers, warning that universities must contact them before May 12 to avoid data release.
The warning message indicated that unless an agreement is reached, all data will be leaked by May 12, 2026. In response to the situation, Penn's administration is currently investigating the breach and collaborating with Instructure to restore access. A communication from university officials noted that the issue extends beyond Penn, impacting numerous institutions utilizing Canvas.
Earlier, at approximately 4:20 p.m., the ShinyHunters message was replaced by a notification stating that Canvas was undergoing scheduled maintenance. The university has acknowledged the significant nature of this disruption and is committed to providing updates as new information emerges.