A hacking group called ShinyHunters says it broke into Instructure, the company that runs the online classroom platform Canvas, for the second time this month. They stole millions of student and faculty records and cut off Canvas access for schools across Maryland and the United States, including in Harford County.

What’s Happening: The attack began Thursday, May 7, when students attempting to log into Canvas were redirected to a message from ShinyHunters claiming credit for the breach. The hacking group threatened to release 3.65 terabytes of data allegedly stolen during its initial breach of Instructure on May 1 unless the company contacted them before May 12.

What Was Taken: The hackers say they took millions of records, including names, email addresses, student ID numbers, and private messages sent through Canvas. Instructure said it has not found any evidence that passwords, Social Security numbers, or financial information were taken, but the investigation is still ongoing.

How This Affects Harford County: Canvas is the platform millions of students and teachers use every day to turn in assignments, check grades, take quizzes, and send messages. More than 8,000 schools and universities were reportedly affected. Some schools postponed exams and switched to backup systems while Canvas was down.

Both Harford County Public Schools and Harford Community College were listed among the affected institutions. Multiple other Maryland institutions were also hit, including:

  • University of Maryland, Johns Hopkins University, Morgan State University, Howard University, and Georgetown University
  • The Maryland State Department of Education, Maryland University of Integrative Health, Maryland School for the Deaf, and the Judicial College of Maryland

Harford County’s Response: Harford County Public Schools shared a message on Facebook alerting families to the Canvas outage.

Where Things Are Now: As of May 8, many Canvas systems are back online after Instructure took parts of the platform offline to work on the problem. Instructure has not paid the ransom to ShinyHunters.

About ShinyHunters: Not much is publicly known about ShinyHunters, but the group has been active since 2020, with a track record of targeting companies for money through data theft and extortion. Previous ShinyHunters targets from the last five years include the EU Commission, Ticketmaster, Pornhub, GrubHub, and AT&T.

How to Protect Yourself: Here are several steps people can take when their personal data may have been exposed in a breach.

  • Change your password on the website that has been breached and any other accounts that use the same password.
  • Turn on two-factor authentication, a security setting that requires a second step, such as a text message code, to log in.
  • Watch for phishing emails, which are fake messages designed to look real and trick you into clicking a link or giving up personal information.
  • Do not click links in unexpected emails or text messages.
  • Monitor your email account for unusual activity or login attempts you do not recognize.
Trending Now ↻ 3m ago
  1. Harford County residents asked to conserve water due to drought
  2. April 2026 – Page 2 of 2 – The Harford County Sun
  3. May 2026 – Page 2 of 2 – The Harford County Sun
  4. Harford County schools hit by massive Canvas hack
  5. Randy Nelson Archives – The Harford County Sun

Discover more from The Harford County Sun

Subscribe to get the latest posts sent to your email.

Leave a comment

Your email address will not be published. Required fields are marked *