Canvas, a widely used learning management system operated by Instructure, experienced an outage on Thursday amid a reported cybersecurity incident that affected schools and universities in the United States and other countries.
Several Texas institutions, including Texas A&M University and the University of Houston, confirmed disruptions to their academic platforms as students prepared for final exams. Other affected schools included Texas Southern University, the University of Houston–Downtown, Houston City College, and Prairie View A&M University, which all use Canvas for course management services.
Cybersecurity analyst Luke Connolly of the firm Emsisoft said the hacking group ShinyHunters claimed responsibility for the breach targeting Instructure. He said the group alleged that nearly 9,000 educational institutions were impacted and that large volumes of user data, including private messages, may have been accessed.
Connolly said screenshots shared by the group indicated threats to release data in stages, with deadlines set for Thursday and later in May. He said the staggered timeline suggested possible ongoing negotiations involving extortion demands.
Instructure did not immediately respond to requests for comment on whether the outage was caused by the cyberattack or if the system was taken offline as a precautionary measure.
The University of Houston said in a statement that it was aware of a global disruption affecting Canvas due to a cybersecurity incident involving Instructure and that its information technology team was monitoring the situation.
School districts, including Houston ISD and Katy ISD, also notified students and staff of the disruption.
Connolly said the incident appeared similar to previous cyberattacks targeting education technology platforms. He said schools remain frequent targets for cybercriminal groups due to the large volume of stored personal and academic data.
Instructure has not issued a public statement on its social media accounts regarding the reported incident.