Site Logo

Grays Harbor College among colleges affected by breach

Published 1:30 am Saturday, May 9, 2026

By Andrea Watts The Daily World

When attempting to access their Canvas account, college professors were directed to a message that the system was undergoing scheduled maintenance.
1/2

When attempting to access their Canvas account, college professors were directed to a message that the system was undergoing scheduled maintenance.

When attempting to access their Canvas account, college professors were directed to a message that the system was undergoing scheduled maintenance.
Grays Harbor College Some Grays Harbor College data has been hacked.

On May 5, Inside Higher Ed published “‘PAY OR LEAK’: Hackers Target Big Higher Ed Vendor,” which reported that Instructure, which owns Canvas, was breached by ShinyHunters, who claimed that nearly 9,000 schools were affected.” Canvas, as described by Infrastructure, is “the #1 LMS [Learning Management System] in North America — with powerful tools for course creation, grading, collaboration, and mobile learning.”

Although Infrastructure reported fixing the breach, the hackers returned on Thursday, as reported by Kathryn Palmer in the follow-up article “Hackers Target Canvas—Again.” College professors posted on Bluesky that they were unable to access Canvas and enter grades or grade papers. Many also saw the following message while they were logged into their account.

“ShinyHunters has breached Instructure (again). Instead of contacting us to resolve it they ignored us and did some ‘security patches. If any schools in the affected list are interested in preventing the release of their data, please consult with a cyber advisory firm and contact us privately at TOX to negotiate a settlement. You have till the end of the day by 12 May 2026 before everything is leaked. Instructure still has until EOD 12 May 2026 to contact us.”

Grays Harbor College is among the colleges that use Canvas, and clicking on the Canvas link on their website Thursday resulted in an error message. The College issued the following news alert on Thursday afternoon.

“Grays Harbor College is sharing an update on a security incident involving Canvas, the learning management system used at our college and at colleges across the country.

On May 7, Instructure — the company that operates Canvas — notified Grays Harbor College that an unauthorized third party obtained data associated with their Canvas environment. This incident was not specifically directed at Grays Harbor College. Instructure serves many institutions, and this appears to be a vendor-driven incident affecting multiple education customers. Instructure has stated that the broader incident affected many institutions in the United States. Instructure has reported that the attack occurred on April 25; that the company detected the attacker on April 29; and that access was revoked and the underlying vulnerability was addressed on April 30. Federal law enforcement, including the FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA), has been notified by Instructure.

Based on the information Instructure has provided to us so far, the data involved may include personal information; however, Instructure has not yet provided the exact data elements or affected user count for our college. Instructure has stated publicly that, across the broader incident, names, email addresses, student ID numbers, and user-to-user Canvas messages were potentially involved. The college has asked Instructure to confirm specifically what was involved, including whether Canvas messages were affected and how many users were impacted, and that the college will share additional information as they receive it.

What was reportedly not involved: Instructure has stated that there is no indication that passwords, dates of birth, Social Security numbers, or financial account information were involved. If Instructure’s findings change, the college will update affected community members.

Instructure has taken Canvas offline nationwide, it is not accessible at this time. The college is communicating directly with employees and students about next steps for communication and instructional needs.

Grays Harbor College is working with the State Board for Community and Technical Colleges (SBCTC), to press Instructure for additional information about what was specifically involved at the college. They will provide further updates on this page as additional confirmed information becomes available.

Anyone with questions can contact the college Public Relations office at publicrelations@ghc.edu or call 360-538-4151. Out of an abundance of caution, members of the community are encouraged to be alert to phishing attempts or unexpected messages requesting personal information.

With many higher education institutions entering the final weeks of the academic year, having Canvas become unaccessible will be disruptive. Yesterday, South Puget Sound Community College posted on Facebook that all online instruction will be paused on Friday, but in-person classes and labs will be held. Additionally, online assignments and due dates are also paused.

At time of writing, Instructure reports that Canvas is available for most users. The last day of instruction for spring quarter for Grays Harbor College is June 22.

You Might Like