University of Missouri system users who logged on to the Canvas educational data management system Thursday afternoon were greeted with an ominous message saying the platform had been hacked.
The breach is attributed to a hacker group calling itself ShinyHunters, which has claimed responsibility for dozens of similar data thefts since 2019, including breaching Microsoft, AT&T, Louis Vuitton and other educational software, such as Power School.
"Access to Canvas for the University is closed. We did that to make sure that things remained as safe as we can make them," said UM spokesman Christopher Ave. "We are going to be working with Canvas to get a solution as quickly as we possibly can."
The message appearing to UM system Canvas users attempted to extort the school into paying a ransom, though a specific dollar amount was not listed. The message gives Mizzou until May 12 to comply, saying that if the deadline is not met, the information of Canvas users will be distributed online.
Ave said MU officials has been informed earlier by the week that Canvas parent company Instructure has been the target of a cyberattack, but it wasn't until Thursday that the UM system campuses in Columbia, Kansas City, St. Louis and Missouri S&T in Rolla were affected.
Ave said school officials don't know how many individuals' records might be compromised.
"We were waiting to get clarity on that or seeking clarity on that when today's incident occurred," he said.
University of Missouri IT is providing updates on its website.
Mizzou is far from the only university to be affected. Canvas is believed to be used by more than 40% of all U.S. universities. News reports say schools such as Duke, Rutgers and the University of Pennsylvania are among those that have also had their Canvas sites hacked.
Stephens College in Columbia and Lincoln University in Jefferson City have confirmed that they are both being impacted by the widespread, ongoing Canvas outage.
The Moberly Area Community College website confirms they have also been impacted.
According to their website, "Canvas has notified MACC of a nationwide outage. We are working closely with Canvas to resolve the situation. Students will be notified as soon as Canvas is available."
A Springfield, Missouri-based cybersecurity expert who advises firms in the event of a hack says the group believed responsible for the Canvas intrusion is well-known and financially-motivated.
"I've seen evidence that [ShinyHunters] were using Telegram and WhatsApp groups and they were actually putting bounties on different access that they could get into different organizations. For example, like police departments or government entities like the Department of Justice," said Matthew Powell, executive director of the Missouri Cybersecurity Center of Excellence.
While University of Missouri officials were notified earlier this week of potential vulnerabilities, Powell said the event that granted ShinyHunters access to Instructure's system happened on April 25.
He said it's common for there to be significant lag time between internal knowledge of a problem and public awareness of it.
"Typically, in these kind of events, they're delayed from public knowledge for about, sometimes up to a month, maybe even longer," he said.
Powell said it's rare that hackers are caught. One reason hackers are incentivized to try to break into systems, he said, is because there's insufficient investment in hardware to ensure cybersecurity, such as requiring a physical key to grant access.
"This happens all the time. The United States is constantly targeted for financial crimes from threat actors all over the world. It's a billion-dollar business and the reason for that is most of them get away with it," Powell said.
This is a developing story and will be updated.
Copyright 2026 KBIA 91.3 FM