CHICAGO (WLS) — A significant data breach has disrupted operations at educational institutions across the nation, including the University of Illinois and Illinois State University. This breach has targeted a system heavily relied upon by students and faculty.
The breach centers around Instructure, the company behind Canvas, a popular online learning management system used for coursework, assignments, and communication. It’s reported that thousands of educational institutions and millions of users are affected by this breach.
As a result, the University of Illinois has decided to delay exams and assignments scheduled for Friday, Saturday, and Sunday, according to an announcement made by the university on Thursday evening.
ABC7 Chicago is now streaming 24/7. Click here to watch
Users have been greeted with a message from the hacker group known as “ShinyHunters.” This group is demanding negotiations with each impacted institution, threatening to release the stolen data if their demands are not met.
“What makes this attack particularly notable is its widespread impact. The vendor involved is extensively used by educational institutions nationwide,” explained Rob D’Ovidio, an associate professor at Drexel University’s Department of Criminology.
Although experts assure that highly sensitive data, such as Social Security numbers, passwords, and usernames, remain secure, other information, including names, email addresses, messages, and student ID numbers, has been compromised.
Still, students remain a prime target for scammers who may use the information obtained in the breach to launch phishing attacks or other fraudulent schemes.
“If I was a Canvas user at an institution that was compromised, I’d be on the lookout for phishing attacks,” D’Ovidio said.
Experts believe the group behind the breach may not use the data directly but could sell it to others, increasing the likelihood of targeted scams.
“Once they get this basic information, name, student ID, email, you become an increased risk you’ll be targeted,” D’Ovidio said.
The group responsible for the breach is reportedly demanding a large payout from affected institutions and is threatening to release the data if payment is not made. Experts recommend against paying such demands and instead advise affected users to monitor their accounts closely and be cautious of suspicious emails or messages.
As school institutions assess the extent of the breach, officials and cybersecurity experts continue to urge caution among students and staff who rely on the platform every day.
The hackers are giving schools until the end of next Tuesday, May 12, to respond.
So far, leadership at the schools are telling users there’s no timespan on when the cyber-attack could be resolved.
The University of Illinois said, “Canvas, our learning management system, is offline due to an ongoing cybersecurity incident. We are awaiting information from Instructure, the parent company of Canvas, as to when the service will become available again. Until the vendor can solve this problem, course materials will be unavailable. This issue is affecting universities across the country. Members of university leadership are discussing next steps, with sensitivity to the impacts on students and instructors during the final exam period. For status updates, please visit go.illinois.edu/2026-canvas-incident.”
Illinois State University said, “The Canvas learning management system is currently experiencing an unexpected outage affecting universities nationwide, including Illinois State University. At this time, the cause of the outage and an estimated time to resolution are not known. We are monitoring the vendor’s communications and keeping our campus community updated.”
Northwestern University said, “Northwestern IT continues to monitor the issue affecting Canvas. The vendor is aware and investigating the issue. We can also confirm that other institutions are experiencing the same impact.”
The University of Chicago said, “Instructure, the provider of Canvas, has publicly disclosed a cybersecurity incident affecting their environment. The University of Chicago has no evidence of unauthorized activity affecting UChicago Canvas accounts at this time. However, we have temporarily disabled the Canvas Login until the service is available again.”
6abc Philadelphia contributed to this report.
Copyright © 2026 WLS-TV. All Rights Reserved.
