Disruptions for college students are set to drag into the weekend after hackers briefly took down an online platform used by thousands of schools around the world, from Princeton University in the U.S. to the University of Manchester in the U.K. and the Universidad del Desarrollo in Chile.

Instructure Inc., which runs the Canvas service used by students to take tests and get grades, said it was forced to suspend the portal Thursday after breaches by a “criminal threat actor.” The perpetrators exploited a vulnerability in a specific account for teachers, the company said, gaining access to some of its websites. The KKR & Co.-owned company restored much of the service Thursday, though the teacher accounts remain suspended.

The hackers took data including Canvas users’ names, email addresses, student identification numbers and messages among users, according to a statement on the company’s website on Friday.

The firm said it notified the FBI, the U.S. Cybersecurity and Infrastructure Security Agency and law enforcement agencies abroad of an initial breach on April 29 and then another related one on May 7. The company investigation has found no evidence that passwords, dates of birth, government identifiers or financial information were taken, it said.

College students use Canvas for everything from accessing course materials and turning in assignments to checking grades and taking tests. Schools around the world — from Stanford University in California to the University of Oslo in Norway and Australia’s Adelaide University — reported problems with the portals on Thursday. The systems for Yale University, Columbia University and Harvard University were also down for hours.

At Southern Methodist University, the platform was restored late Thursday, but the hack disrupted students’ testing schedules, with the school pushing Friday exams to Sunday, a spokesperson said.

On other college campuses, some tests and assignments have been postponed or canceled, while others haven’t, according to interviews with students and faculty.

Lennon Aledia, a senior at Northwestern University, said a professor told him an exam was likely to be canceled. “Of course, the situation is not great, but I’m looking forward to having a little bit more room to breathe this weekend,” he said.

The university also pushed back the drop deadline for classes in the spring quarter to Monday because of the hack, according to an email from the school’s provost office reviewed by Bloomberg.

“We’re extending the deadline to Monday night but we have no idea if we’ll have things running by then,” said Mark Witte, the director of undergraduate studies for the school’s economics department. “The drop deadline’s fairly arbitrary.”

With the scarcity of information from administrators, other professors have turned to Witte for guidance.

“The level of communication has not been perhaps as helpful as it could have been,” he said.

At Harvard University, the Canvas service was back online Friday morning. But Lorenzo Ruiz, a junior, still had questions.

“Little further information was provided other than that they had contained the cyber incident,” Ruiz said. “I’m left wondering what data hackers still got away with.”

Some of Instructure’s K-12 school customers and districts were also affected, including Hillsborough County Public Schools, which includes Tampa, according to a spokesperson. New York City Public Schools, the largest K-12 district in the US with about 1 million students, has seven schools impacted by the Canvas hack, according to the district spokesperson.

“The disruption of Canvas is happening at an especially cruel time, right as students are preparing for final exams and graduation,” said Danny Jenkins, chief executive officer of the cybersecurity firm ThreatLocker. “Students are panicked, and that’s exactly what the attackers wanted in an effort to pressure Instructure and schools.”

Instructure staff first noticed “unauthorized activity” on its Canvas platform on April 29, according to the company’s statement. The firm “immediately revoked the unauthorized party’s access.” Nonetheless, on May 7, the company found more “unauthorized activity tied to the same incident,” with the hackers changing the landing page that some students and teachers see when logged in to Canvas, according to the statement. Instructure said it then took Canvas offline to contain the breach.

The company said it’s taking various steps to prevent future breaches, including by rotating security credentials and deploying new protections on its system. It said none of its products beyond Canvas were affected.

A cybercrime group, ShinyHunters, said it was responsible for the hack in a dark web post seen by Bloomberg News, but Instructure hasn’t confirmed the source. ShinyHunters is known for stealing victims’ data and then demanding extortion fees.

“The attackers’ ability to deface login systems also suggests a level of access to servers and systems that increases the likelihood they may have had access to sensitive databases,” Jenkins said. “It’s equally important affected institutions take action. Once Instructure restores systems, schools should be minimizing privileges, resetting passwords and monitoring for phishing attempts using exposed data.”

KKR and Instructure are facing several federal lawsuits over the breach.

_____

(With assistance from Lynn Doan, Jeannine Amodeo and Jordan Robertson.)

_____

©2026 Bloomberg L.P. Visit bloomberg.com. Distributed by Tribune Content Agency, LLC.