UPDATED: At 7:45 p.m., Virginia Tech released another statement that recognizes the impact that the Canvas LMS outage has had on students and faculty. The university notes that “at this time, the time to resolution of this outage is unknown.”
The university status webpage explains that due to the outage, students’ final exams that are scheduled on Friday, May 8, will be rescheduled for Sunday, May 10.
The university status webpage also provides guidelines for student accommodations during this time.
Spring final exams are scheduled May 8-13.
This is a developing story. We will update as more information becomes available.
UPDATED: At 5:35 p.m., Virginia Tech released a statement via Instagram story and on their university status webpage. The message says:
“Similar to other colleges and universities across the nation, Canvas is down and unavailable at Virginia Tech. The Division of Information Technology and Technology-enhanced Learning and Online Strategies are working with the vendor, Instructure, to identify and resolve the problem.
We are aware of the impact on final exams and other end-of-semester activities. Additional guidance will be shared soon via email and posted on the university status page.”
BREAKING: Virginia Tech appears to be among thousands of schools impacted in a major cybersecurity breach involving the company, Instructure, the developer and publisher of Canvas Learning Management System.
Hackers connected to the group “ShinyHunters” claimed responsibility for the attack and threatened to leak data unless schools negotiate by May 12.
The message that appears on the Canvas dashboard says:
“ShinyHunters has breached Instructure (again). Instead of contacting us to resolve it they ignored us and did some ‘security patches.’
If any of the schools in the affected list are interested in preventing the release of their data, please consult with a cyber advisory firm and contact us privately at TOX to negotiate a settlement. You have till the end of the day by 12 May 2026 before everything is leaked.
Instructure still has until EOD 12 May 2026 to contact us.”
The message ends with a link to visit their webpage and view affected schools.
According to Malwarebytes, the hackers claim data tied to nearly 9,000 schools and education platforms that are impacted and that the records of 275 million students, teachers and staff worldwide were stolen.
Instructure confirmed a cybersecurity incident involving some user data, but said passwords, Social Security numbers and financial information were not compromised.
After nearly 40 minutes of the message appearing, the site presently says, “Canvas is currently undergoing scheduled maintenance. Check back soon.”
Virginia Tech has not publicly confirmed whether university-specific data was affected and is expected to release a statement on the attack soon.
This is a developing story. We will update as more information becomes available.
