As of May 7, the learning management system known as Canvas is experiencing a widespread outage with the message “down for maintenance,” impacting thousands of schools and universities. Issues have been reported since 3:00 p.m. EDT following an alleged attack on Instructure (parent company of Canvas) by a group called ShinyHunters.
This extortion group, known for its “pay or leak” attacks, has attacked Instructure for the second time. It has also coerced numerous other companies in the past to pay ransom for stolen information.
The first incident happened in September 2025, and Instructure announced that it resulted only in the attainment of publicly available information. Due to this, Instructure performed “security patches.” The blackmailers mocked these measures in their recent ransomware note, as the group had successfully breached the system once again. The group also explained that Instructure should have “contacted [them] to resolve it” instead of incorporating additional safety measures.
The newest incident started on April 30, when some customers experienced “limited disruption to tools relying on API keys.” Instructure posted updates on May 1 and May 2; the second update informed the public about some of the information breached. Finally, on May 3, on the ShinyHunters’ leak site, the group threatened to release all information if Instructure did not reach out by May 6.
Currently, the group has given two options: to “negotiate a settlement” or have information leaked. The group also encouraged schools to reach settlements independently of Instructure if they wanted to “prevent the release of their data.”
Additionally, Instructure was given until May 12 to come to an agreement before all data is leaked. Instructure has confirmed that names, email addresses, and other educational data may have been obtained, bringing the total losses to 3.65 terabytes of data and 275 million records.
Students at local high schools may be affected as normal learning systems and Virtual Virginia (a program that uses Canvas for online learning) are rendered inactive. These websites are also currently on the “Global Block List” on Securly.
At this time, there is no additional information as schools, law enforcement and cybersecurity experts actively monitor these systems.
