Instructure’s Canvas has been hit by a second wave of breaches, forcing disruptions that are now spilling into higher-education grading and exam windows. Instructure said the unauthorized actor exploited an issue tied to its Free-For-Teacher accounts, took Canvas offline to contain access, and later restored access while continuing forensic review. The breach has been tied to the ShinyHunters group, which threatened further data actions on May 12. Institutions across the U.S. reported Canvas messages connected to the alleged compromise, and some colleges canceled or paused assessments to manage risk. Pennsylvania State University, among others, canceled tests scheduled during the outage window. Instructure’s response included temporarily shutting down Free-For-Teacher accounts to stop further access while it investigates what information may have been taken. The operational impact is the immediate story for universities: learning-management downtime and uncertainty about data exposure complicate time-sensitive final exams, grade submission, and student communications. The recurring Free-For-Teacher exploitation also raises questions for campus IT leadership about residual exposure paths after the initial May 1 incident.