Canvas Breach Disrupts OU and OSU Services, Prompts Deadline Extensions

Context Canvas is a widely used cloud‑based learning management system that hosts course materials, assignments, quizzes and grades for millions of students nationwide. Both OU and OSU rely on Canvas for daily academic operations, making any disruption immediately visible to faculty and learners.

Key Facts - On May 7, Instructure confirmed a security incident affecting its Canvas infrastructure, causing the web and mobile portals to go offline. - The outage prevented students from accessing assignments, quizzes, exams and grade submission tools. - Oklahoma State University announced that the final grade submission deadline for students turning in finals this week has been extended due to the inability to access Canvas. - The University of Oklahoma acknowledged the global nature of the incident and said it is working with Instructure to monitor the situation and gather more information. - A screenshot shared by an OSU student displayed the threat actor name “Shiny Hunters,” a known cyber‑crime group previously linked to data thefts at Ticketmaster and AT&T. - No specific vulnerability or CVE has been publicly disclosed by Instructure at this time, and the exact number of records exposed remains unknown.

What It Means The disruption highlights how a single third‑party service failure can cascade across multiple institutions, jeopardizing timely coursework completion and grading processes. For students, the inability to submit finals creates academic pressure and uncertainty about final grades. For universities, the incident tests incident‑response coordination with vendors and underscores the need for contingency plans when critical SaaS platforms suffer outages.

Mitigations Security teams should: - Review Instructure’s security advisories and apply any recommended patches or configuration changes to Canvas integrations. - Enable multi‑factor authentication for all Canvas admin and user accounts to reduce risk of credential theft (MITRE ATT&CK T1078). - Monitor logs for anomalous authentication attempts or unusual API calls (T1071, T1190). - Ensure backup copies of course grades and assignments are stored offline or in a separate system to maintain continuity during outages. - Share indicators of compromise with information‑sharing groups such as MS‑ISAC to help other institutions detect similar activity.

Watch for updates from Instructure on service restoration timelines and any formal notifications regarding potential data exposure.