“ShinyHunters has breached Instructure (again),” the message read, according to reporting from the University of Pennsylvania’s student newspaper. “Instead of contacting us to resolve it they ignored us and did some ‘security patches.’”

Other universities, such as Duke and Harvard, also reported receiving the same message on their Canvas accounts.

In a statement to the Daily Pennsylvanian, the hackers urged impacted schools to “negotiate a settlement,” adding: “Instructure didn’t fix all the vulnerabilities we have more.” 

The warning also threatened that “everything is leaked” if a Tuesday deadline was not met.

By around 4:20 p.m., the hackers’ message had been replaced with a notice from Canvas stating the platform was undergoing “scheduled maintenance.” Later Thursday evening, the company announced the service had been restored “for most users.”

The outage disrupted academic schedules at schools across the country as universities scrambled to respond amid and ahead of final exams.

“This is being reported as a national-level cyber-security incident,” Tim Shie, the director of information technology at the University of Iowa’s College of Public Health, wrote in a notice to students and staff. “Hopefully we will have a resolution soon.”

James Madison University said students with exams scheduled for Friday would have a make-up day on Wednesday, while the University of Texas at San Antonio announced it was postponing Friday finals.

THE VARIOUS CHALLENGES FACING THE AIRLINE INDUSTRY THAT MAKE FLYING WORSE FOR TRAVELERS

The incident marks the second major breach claimed by ShinyHunters this month. In a ransom note posted May 3 and shared by ransomware.live, the group alleged it had stolen data belonging to 275 million students and teachers, including names, email addresses, student ID numbers, and private user messages.

ShinyHunters previously claimed responsibility for the 2024 hack of Ticketmaster, in which user data was allegedly stolen and later offered for sale on the dark web.