Cyber Attack on Canvas Disrupts Universities in US and New Zealand

A cyber attack on the Canvas learning-management system has forced universities in the U.S. and New Zealand to delay assessments and exams.

The breach is significant because it targets a centralized academic software platform used by thousands of schools ^[1], creating a single point of failure for global higher education infrastructure.

The attack occurred in early May 2026, resulting in system outages and a loss of access to critical assessment materials. Students at affected institutions, including those in New Zealand, reported receiving pop-up messages indicating that hackers had breached the platform.

At the University of Illinois, the disruption hit during a critical academic window. The institution was forced to reschedule final exams for Sunday ^[2] following reports of the attack on May 9, 2026 ^[2].

While some reports initially characterized the event as a nationwide issue within the U.S., other sources confirm the attack was international in scope. The breach affected institutions worldwide due to the widespread adoption of the Canvas platform [1, 3].

The hacking group breached the software to cause system-wide instability, effectively locking students and staff out of their digital classrooms. This outage prevented the delivery of exams, and the submission of coursework, during the end-of-term period.

University administrators have worked to restore access and coordinate new testing schedules. The incident highlights the vulnerability of cloud-based educational tools to targeted cyber threats.