Major Canvas Data Breach Impacts Universities Worldwide: Have You Been Affected?

by Insider Guides | May 7, 2026

Sign up to our newsletter!

"*" indicates required fields

Name*
This field is for validation purposes and should be left unchanged.

A major cyber attack has hit the popular learning platform Canvas, potentially affecting millions of students and staff around the world, including international students studying in Australia.

Canvas, created by Instructure, is used by universities, TAFEs and schools to manage coursework, assignments, grades and communication between students and teachers. Many Australian universities rely on the platform for day-to-day learning activities.

According to the company, hackers gained access to some user information during a “cybersecurity incident” involving the Canvas system. Australian institutions confirmed to be investigating the breach include universities in South Australia and New South Wales, Queensland state schools, and Tasmanian education providers.

What information may have been exposed?

Instructure says the compromised information may include:

  • Names
  • Email addresses
  • Student ID numbers
  • Messages sent through Canvas

The company says there is currently “no evidence” that passwords, financial information, government identification details or dates of birth were accessed.

Cybercrime group ShinyHunters has claimed responsibility for the attack and says data from thousands of institutions worldwide was stolen. Some reports suggest as many as 275 million users could be affected globally, although this figure has not been independently confirmed by Instructure.

What does this mean for international students?

If your university or education provider uses Canvas, your information may have been part of the breach, even if you haven’t been contacted yet.

While passwords do not appear to have been stolen, cybersecurity experts are warning students to stay alert for phishing scams, fake university emails and suspicious messages pretending to be from education providers.

Scammers may use leaked information such as your name, university or student email address to make messages appear more convincing.

What should students do now?

Experts recommend international students take a few simple precautions:

  • Be cautious of unexpected emails or texts asking for personal information
  • Avoid clicking suspicious links claiming to be from your university
  • Change your Canvas password if you reuse it on other accounts
  • Enable multi-factor authentication (MFA) where possible
  • Monitor university announcements for updates about the breach

Some universities and schools are already contacting affected students directly. The Australian Government’s National Office of Cyber Security is also coordinating a response.

For now, Canvas remains operational while investigations continue.

Insider Guides

Insider Guides are high-quality, best practice guides to ensure students are prepared, welcomed, connected and supported in Australia.