
During the Canvas outage, students temporarily saw a message while attempting to access Canvas on May 7, 2026. (Courtesy of Jett Nielsen)
Students at the University of Colorado Boulder have access to Canvas again following a global cyberattack on Instructure, its parent company.
Around 2 p.m. on Thursday, students trying to access Canvas were met with a message from a cybercriminal group called ShinyHunters. The group claimed it had breached the platform and obtained data from thousands of universities, including all CU campuses.
The message was removed and replaced with a maintenance message before the system was restored.
CU spokesperson Michele Ames said Canvas initially went offline on Monday and was back online shortly after. The university released a statement saying it was monitoring the situation.
After Canvas went offline on Thursday, Ames said Instructure advised the university that Canvas was secure. She said the university chose to proceed with an “abundance of caution.”
The university system updated its security processes on Canvas to prevent future disruptions, according to Ames.
“The security team needs to work carefully and methodically through their protocols so that we make sure we do everything we can to protect the data,” Ames said.
Students taking “Maymester” classes—which began May 4 and end on May 21—were unable to access their coursework. CU Boulder professor Christopher Carruth said that he and other faculty would have to adjust course schedules as a result.
“I’m either going to have to cut content or condense content, depending on how long this outage continues,” Carruth said.
Carruth, who is teaching an online asynchronous class, said one day of coursework is equivalent to a week of coursework in a standard semester.
The attack also impacted students seeking access to their official transcripts. The university disabled Parchment, another company under Instructure that generates official transcripts, due to its connection to Canvas. While it is inaccessible through the Buff Portal, students can access it through its main website as of Friday evening.
Ames said that Parchment was not impacted by the data breach, but the university took security measures before putting it back online.
ShinyHunters has previously claimed to have stolen data from numerous companies, including Vimeo, Bumble, CarMax and SoundCloud. The group allegedly publishes stolen data on its website when it does not reach an agreement with an institution. It also claims to delete information and cease contact if it reaches a settlement.
According to the website, ShinyHunters calls the hacking “corporate regime change” instead of extortion.
Ames said Instructure did not confirm whether CU data was breached, but the university assumed it was. She noted that Instructure confirmed the attack did not breach sensitive information like social security numbers or birth dates.
“The data that students put in Canvas is relatively limited in terms of somebody being able to take it and do something with your identity,” she said.
In a FAQ posted Friday evening, the university encouraged students and faculty to prepare “backup plans” in case Canvas goes offline again. It advised making plans for course communications, assignment submissions and grade records.
CU Independent Staff Photographer Tyler Phillips contributed to this story.
Contact CU Independent News Editor Avery Clifton at Avery.Clifton@colorado.edu
