Kyanite BlueKyanite Blue
Kyanite BlueKyanite Blue

Live briefing, 9 May 2026

9,000 schools just got hacked.
No school was the target.

The ShinyHunters attack on Canvas / Instructure compromised one software vendor and disrupted exam season at roughly 9,000 universities and schools across the US, Canada, and Australia. This is what every school IT lead and senior leader should be doing this week.

9,000

institutions affected globally

1

vendor breached (Instructure)

0

schools attacked directly

What happened

The supply chain became the target.

On 8 May 2026, the hacking group ShinyHunters claimed responsibility for a breach of Instructure, the company that operates Canvas. Canvas powers coursework, exams, and grades for roughly 9,000 institutions worldwide.

Students at Mississippi State, Penn State, Idaho State, the University of Sydney, the University of British Columbia, the University of Toronto, UCLA, and the University of Chicago saw bitcoin ransom notes appear on their screens during finals week. Some institutions cancelled exams. Others advised students to log out and ignore suspicious messages.

ShinyHunters has been linked to the 2025 Jaguar Land Rover attack and a string of high-profile supply-chain breaches. The pattern is the same: compromise one upstream supplier, take a thousand downstream organisations hostage.

Reporting based on BBC News, 9 May 2026.

Read next

Five guides for school IT and senior leaders.

Action checklist

School cybersecurity checklist after the Canvas breach

14 concrete actions school IT and senior leadership should take this week in response to the May 2026 Canvas / ShinyHunters breach.

Read the guide

Breach analysis

What every school should learn from the Canvas / ShinyHunters attack

The May 2026 ShinyHunters attack on Canvas hit roughly 9,000 schools and universities. Five concrete lessons school IT teams can act on this week.

Read the guide

Threat actor profile

Who is ShinyHunters?

ShinyHunters claimed the May 2026 Canvas breach affecting 9,000 schools. Here is who they are, what they do, and how schools should respond.

Read the guide

Supply-chain guide

Third-party SaaS risk for schools

Schools depend on dozens of SaaS vendors. The May 2026 Canvas breach showed the cost of weak third-party risk controls. Here is a practical fix.

Read the guide

Sector analysis

Why schools became the top ransomware target in 2026

Schools and universities now top the ransomware target list. Here are the four reasons, with citations, and what to do about it.

Read the guide

Where does your school actually stand?

Three-minute AI Readiness Assessment. Your AI-readiness score, the gaps in your current stack, and the AI-native products that close them. Free, no signup wall.