University of Missouri system users who logged on to the Canvas educational data management system Thursday afternoon were greeted with an ominous message saying the platform had been hacked.
The breach is attributed to a hacker group calling itself ShinyHunters, which has claimed responsibility for dozens of similar data thefts since 2019, including breaching Microsoft, AT&T, Louis Vuitton and other educational software, such as Power School.
"Access to Canvas for the University is closed. We did that to make sure that things remained as safe as we can make them," said UM spokesman Christopher Ave. "We are going to be working with Canvas to get a solution as quickly as we possibly can."
The message appearing to UM system Canvas users attempted to extort the school into paying a ransom, though a specific dollar amount was not listed. The message gives Mizzou until May 12 to comply, saying that if the deadline is not met, the information of Canvas users will be distributed online.
Ave said MU officials has been informed earlier by the week that Canvas parent company Instructure has been the target of a cyberattack, but it wasn't until Thursday that the UM system campuses in Columbia, Kansas City, St. Louis and Missouri S&T in Rolla were affected.
Ave said school officials don't know how many individuals' records might be compromised.
"We were waiting to get clarity on that or seeking clarity on that when today's incident occurred," he said.
Mizzou is far from the only university to be affected. Canvas is believed to be used by more than 40% of all U.S. universities. News reports say schools such as Duke, Rutgers and the University of Pennsylvania are among those that have also had their Canvas sites hacked.
As of 3:40 p.m. Central Time, the message had changed to say Canvas was "undergoing scheduled maintenance."
This is a developing story and will be updated.
Copyright 2026 KBIA 91.3 FM