Learning management platform Canvas, which will be used by Elon University beginning fall 2026, was affected by a nationwide cyberattack May 7. The hacking group, known as ShinyHunters said in a ransom letter on May 3 that it accessed data from more than 275 million people across nearly 9,000 schools. 

Canvas’ parent company, Instructure, announced May 1 that it had experienced a “cybersecurity incident.” Instructure said this attack compromised personal identifying information such as names and student ID numbers, but only Elon faculty data was impacted, according to Associate Vice President of Information Technology Christopher Waters.

Waters told Elon News Network that as Elon prepares to transition to Canvas from Moodle, only faculty data of who can create courses has been loaded onto the platform so far. 

“If we had any concerns about loss, it would only be that if the person who broke into Canvas captured Elon email addresses, people could just get spam,” Waters said. “There’s no damage, there’s no passwords, there was nothing like that. So the system is locked and safe.”

Waters said the university was fortunate enough to not be fully launched, so only email addresses would be impacted, no other private information. Waters urged the campus community to be vigilant, and be wary if they get an email from someone claiming to be Canvas. 

Waters said he isn’t too concerned about breaches like this being a consistent problem in the future for Elon.

“Certainly in the world we're living in right now, it's happening so often, in so many places with large systems that we just continue to provide educational opportunities to increase awareness, to be suspicious, but I don't worry about it,” Waters said. “Sometimes, if an incident like this happens, it charges a vendor to buckle up their own shop even tighter.”

Security was a big part of the decision-making process when choosing to transition over to Canvas, Waters said.

“Canvas is a stable industry leader in the marketplace,” Waters said. “We definitely have confidence, we just always have to stay attuned to what’s happening around the ecosystem of learning,” Waters said. 

The timeline of moving over to Canvas will not be affected by the breach, according to Waters.

The Alamance-Burlington School System, which uses Canvas, put out a statement on the breach May 8, saying that it is currently monitoring the breach. 

“At this time, Canvas is not available and should not be accessed by students, staff, or parents/guardians,” the school district wrote. “We are urging everyone not to respond to notifications or emails from Canvas. Please await more information from ABSS before attempting to access the system again.”

ABSS spokesperson Emily Lynn-Adkins did not respond to ENN’s request for comment.