Georgetown University is among a group of schools across the country impacted by a cyberattack on an educational platform May 7.

Cybercrime group ShinyHunters initially attacked Instructure, which operates the learning management system Canvas, on May 3, impacting over 275 million individuals’ data. Starting around 4 p.m. on May 7, Georgetown Canvas users were unable to access the service, which contains course materials and information for many classes.

In a message to Georgetown community members, four university officials confirmed the breach and said students and faculty should not log onto Canvas until an all-clear message is sent.

“We are writing to inform you that Instructure, the vendor providing our Canvas learning management system, has experienced a third-party security breach,” the officials wrote. “This vendor-based incident is impacting educational institutions globally.”

“In light of this security breach, Canvas is currently not available to the Georgetown community,” the officials added. “For community members’ safety and security, the login button has been removed from our Canvas site. Please do not attempt to log into Canvas until an all-clear HOYAlert is sent.”

ShinyHunters said impacted schools and Instructure have until May 12 to negotiate a deal before they release the data they claim was obtained in the cyberattack. 

“If any of the schools in the affected list are interested in preventing the release of their data, please consult with a cyber advisory firm and contact us privately at TOX to negotiate a settlement,” ShinyHunters wrote in a message to Canvas users. “You have till the end of day by 12 May 2026 before everything is leaked. Instructure still has until EOD 12 May 2026 to contact us.”

Steve Proud, Instructure’s chief information officer, said the hackers accessed some users’ personal information.

“While we continue actively investigating, thus far, indicators are that the information involved consists of certain identifying information of users at affected institutions, such as names, email addresses and student ID numbers, as well as messages among users,” Proud wrote in the May 6 status update. “At this time, we have found no evidence that passwords, dates of birth, government identifiers, or financial information were involved. If that changes, we will notify any impacted institutions.”

ShinyHunters claims the attack impacted about 8,800 schools. Duke University, the University of Pennsylvania and Brown University are among those who have confirmed the attack on their platform.

The breach came during Georgetown’s final examination period, which runs from May 1 to May 9, 2026, and often involves online exams and paper submissions on Canvas. 

Instructure reported that the attack had been resolved around 5:15 p.m. on May 6. On May 7, Instructure updated users that they were investigating a Canvas outage. 

In the message to community members, officials requested faculty flexibility with deadlines and submission expectations.

“We ask that faculty be flexible where possible with final exam, project and paper deadlines,” the officials wrote. “Students, please email your instructor directly if you have time-sensitive questions.”