Universities and schools K-12 across the country, including in the Philadelphia area, have been impacted by a massive data breach targeting a system widely used by students and faculty. The breach involves Instructure, the parent company of Canvas, a web-based learning management system used daily by educators and students for coursework, assignments, and communication.
Thursday, May 7, 2026 10:12PMUniversities and schools K-12 across the country, including in the Philadelphia area, have been impacted by a massive data breach targeting a system widely used by students and faculty .
The breach involves Instructure, the parent company of Canvas, a web-based learning management system used daily by educators and students for coursework, assignments and communication. Thousands of institutions and millions of users have reportedly been affected, including the University of Pennsylvania. , the hackers reportedly wrote in Penn's Canvas page that any university that does not wish to have its data released should contact the group before May 12.
Students at Penn said they have not received official communication about the incident, though some are aware of the reports. Experts are urging vigilance as the situation develops.
"The one thing that stands out with this attack is its sector-wide. We have a vendor that's used by almost the majority of education institutions around the country," said Rob D'Ovidio, an associate professor in Drexel University's Department of Criminology. Canvas plays a central role in students' academic routines, serving as a hub for assignments, schedules and communication.
"We use canvas for all our classes, usually professors put our assignments on there. Pretty big part of our day-to-day life," said Charles Shen, a junior.
"I think everything these days is all on Canvas... even for my calendar," said senior Eric Zuckerman. While experts say highly sensitive personal information such as Social Security numbers, passwords and usernames has not been compromised. Other data has been exposed, including names, email addresses, messages and student ID numbers. Still, students remain a prime target for scammers who may use the information obtained in the breach to launch phishing attacks or other fraudulent schemes.
"If I was a Canvas user at an institution that was compromised, I'd be on the lookout for phishing attacks," D'Ovidio said. Experts believe the group behind the breach may not use the data directly but could sell it to others, increasing the likelihood of targeted scams.
"Once they get this basic information, name, student ID, email, you become an increased risk you'll be targeted," D'Ovidio said. Despite the scale of the breach, some students say cyber incidents have become so common that they no longer come as a surprise. The group responsible for the breach is reportedly demanding a large payout from affected institutions and is threatening to release the data if payment is not made.
Experts recommend against paying such demands and instead advise affected users to monitor their accounts closely and be cautious of suspicious emails or messages. As school institutions assess the extent of the breach, officials and cybersecurity experts continue to urge caution among students and staff who rely on the platform every day. Action News has reached out to the University of Pennsylvania for comment, but we have not heard back.
Data Breach Canvas Instructure Web-Based Learning Management System Students And Faculty University Of Pennsylvania Hacking Scammers Phishing Attacks Fraudulent Schemes
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Questions linger after approval of massive Box Elder County data centerQuestions remain in Box Elder County after county commissioners approved plans for what could become the world’s largest data center.Now, many residents say the
Read more »
Kevin O’Leary’s Massive Data Center Project in Utah Gets the Greenlight, Locals Are FuriousThe project would be more than twice the size of Manhattan and could consume more electricity than the entire state currently uses.
Read more »
Canvas reportedly hacked by ShinyHunters, claiming data breachCanvas, a widely used learning management system by Instructure, experienced outages Thursday afternoon.
Read more »
Water rights request withdrawn by group planning massive data center in Box Elder CountyThe group tied to a proposed massive data center project in Box Elder County has withdrawn a water rights application connected to the development, according to
Read more »