A cybersecurity incident involving the Canvas learning management system, provided by Instructure, disrupted schools and universities nationwide, including Knox County Schools and the University of Tennessee. Some users saw an unauthorized message upon logging in, prompting swift action by districts to remove it.

Instructure confirmed that names, email addresses, student ID numbers, and private messages were accessed in the breach before it was contained. The extortion group ShinyHunters claimed responsibility, alleging the theft of over 3.65 terabytes of data encompassing roughly 275 million records from students, teachers, and staff across thousands of affected institutions.

The outage struck at a critical time during final exams, leaving many UT students unable to access study materials, practice tests, assignments, and due dates. In response, the university postponed Friday exams to Saturday, May 9, urged faculty to be flexible and compassionate, and advised downloading course materials as backups in case of further disruptions.

Instructure notified institutions of the breach, noting that sensitive data like passwords, dates of birth, government IDs, or financial information did not appear to be involved. Officials continue monitoring the situation while encouraging vigilance against potential scams.