A cyberattack on a software system used by colleges nationwide has affected the University of Michigan, Michigan State and Wayne State universities, officials said.
UM officials said Thursday the vendor that provides the Canvas learning management system has reported a security incident.
“Out of an abundance of caution, Information and Technology Services is temporarily removing access to Canvas while our teams investigate and take steps to protect university systems and data,” the school said in a statement. “Users who are currently logged into Canvas should log out immediately.”
The UM system remained offline Friday after Canvas shared in an online message that “Canvas is now available for most users.”
Canvas is used by K-12 schools and colleges to manage online learning. According to its creator, a Salt Lake City-based company called Instructure, it enables educators to create and present online learning materials and assess student learning, and allows students to engage in courses and receive feedback.
A computer hacking group known as ShinyHunters has claimed responsibility for the cyberattack.
ShinyHunters has a history of compromising global corporations. In April, it said it had stolen nearly 80 million business records from video game developer Rockstar Games, the maker of Grand Theft Auto.
Wayne State University officials shared a similar message with their students on Thursday about an outage.
“Canvas continues to be unavailable due to a global outage and an ongoing vendor cybersecurity incident,” the notice said. “The spring/summer semester will begin on Friday, May 8, as scheduled. Students should monitor their email for updates from their instructors. Online classes will be held via Microsoft Teams and Zoom. C&IT continues to work with vendor partners to restore access as soon as possible.”
Michigan State University officials said Friday the school has been affected by the cyberattack.
“We continue to monitor this situation,” MSU officials said in a statement. “At this time, there is no indication that Michigan State University’s enterprise learning management system has been affected by this incident.”
The outage also affected Eastern Michigan University, but school officials said Thursday that “Canvas is back online and we are monitoring its status.”
Madonna University officials said Friday they found no compromise of student accounts after an investigation. The university’s Canvas users are primarily in its Accelerated Bachelor of Nursing program in Southfield, and they have been able to log on to the system, the officials said.
Instructure said it detected unauthorized activity in Canvas on April 29.
“On May 7, 2026, we identified additional unauthorized activity tied to the same incident,” the company said. “The unauthorized actor made changes to the pages that appeared when some students and teachers were logged in through Canvas. Out of caution, we temporarily took Canvas offline into maintenance mode to contain the activity, investigate, and apply additional safeguards.”
The company said the hack was conducted through the company’s “Free-For-Teacher accounts.”
“As a result, we have made the difficult decision to temporarily shut down Free-For-Teacher accounts,” officials said. “These accounts have been a core part of our platform, and we’re committed to resolving the issues with these accounts. In the meantime, Canvas is fully back online and available for use.”
cramirez@detroitnews.com
@CharlesERamirez
Reuters contributed.
This article originally appeared on The Detroit News: National cyberattack on online learning system hits Michigan universities
Reporting by Charles E. Ramirez, The Detroit News / The Detroit News
USA TODAY Network via Reuters Connect
