Ransomware incident blocks WA college students from Canvas
Tens of thousands of students in Washington and around the country lost access Thursday to Canvas, an online course management platform, after a cybersecurity incident affecting the company behind the service escalated.
In the wake of the attack, the University of Washington, Seattle Colleges, Washington State University and other institutions removed access to Canvas, the primary tool students and instructors use to communicate about courses, submit assignments and view grades.
It's unclear when access will be restored.
In a statement, the University of Washington said it first became aware of the incident over the weekend, but the situation escalated around 1 p.m. Thursday after new information emerged from Canvas and users of the system. The university said the issue was not originating from UW systems and appeared to be affecting colleges and universities nationwide.
In an email to The Seattle Times, UW spokesperson Victor Balta acknowledged that some education-related information such as contact information, course participation, course materials and assignments may have been exposed," though he said the university was awaiting confirmation from the platform's parent company. Balta added that UW's use of Canvas "does not include sensitive personal information such as Social Security Numbers, home addresses, billing information or financial aid information."
Canvas is operated by Instructure, an education technology company that confirmed a data breach this week. Instructure said on its website that some user data was compromised, though passwords and certain other sensitive information were not affected. According to TechCrunch, the hacking and extortion group ShinyHunters claimed responsibility for the breach and claims it has data for students at nearly 9,000 institutions.
Aina Alvarez, a University of Washington undergraduate enrolled in a fully online early childhood and education degree program, said she first noticed issues Thursday morning when she tried to log into Canvas.
A few hours later, she checked again and saw a message from ShinyHunters on the login page. The message said affected schools had until May 12 to "negotiate a settlement "before everything is leaked."
Copyright 2026 Tribune Content Agency. All Rights Reserved.
This story was originally published May 7, 2026 at 11:44 PM.