Instructure’s Canvas is back online after a major breach, but the incident has forced institutions to pause or reschedule final exams and scramble over access to course materials. The Canvas outage reverberated across higher education as universities entered end-of-semester grading and assessment windows. The company said threat actors exploited issues tied to Canvas’ Free-For-Teacher accounts and continued to affect access for some logged-in users. In response, Instructure temporarily took Canvas offline to contain the incident, engaged outside forensic experts, and shut down Free-For-Teacher accounts to restore confidence in access controls. The breach quickly escalated beyond Instructure’s systems. Universities reported messages linked to the ransomware group ShinyHunters and, in some cases, students and faculty were left without needed platform functions during key assessment periods. K-12 and higher ed operators have been comparing the disruption to the earlier PowerSchool breach, underscoring that large edtech providers remain high-value targets for threat groups aiming to monetize student and staff data or extort institutions during peak academic timelines.