Instructure confirmed a cybersecurity incident affecting Canvas after ShinyHunters claimed responsibility and threatened to leak data, prompting disruptions for students and faculty during final-exam week. The company later said it believed the incident was contained and that affected data included user messages, names, email addresses, and student ID numbers, while passwords, dates of birth, government identifiers, and financial information were not believed compromised. Separate reporting also described a renewed extortion message to Canvas users and a Canvas service outage around the same timeframe, with Princeton and other institutions posting status updates and some schools considering schedule changes. The incident underscores that learning management systems are now a high-value target for criminal actors seeking institutional and student records. Institutions using Canvas are facing operational pressure beyond notification and remediation: they must support students during outages, manage workaround communications, and coordinate with IT and vendors on containment steps such as revoking privileged credentials and rotating keys. The episode mirrors prior high-profile education platform attacks against major providers. For higher education, the immediate risk is continuity of instruction and assessment; the longer-term risk is trust and compliance. The dispute also raises the prospect of more frequent ransom-driven disruptions as attackers continue to focus on widely deployed education technology platforms.