On 7–8 May 2026, Canvas went offline during finals week. Not a server failure — ShinyHunters defaced over 330 institutional login pages with an extortion message, and Instructure shut the entire platform down. Universities across North America, Europe, and Asia-Pacific scrambled to reach students through channels that didn’t depend on an LMS they could no longer access.
The Canvas breach is covered separately. This article is about the operational question: which institutions had continuity plans and which improvised, and what did successful academic continuity actually look like?
What Actually Happened When Canvas Went Down on 7–8 May 2026?
On 7 May, students started posting screenshots of defaced Canvas login pages at around 1:20 PM Pacific time. ShinyHunters directed schools to negotiate via Tox — an encrypted messaging platform favoured by cybercriminals — to resolve the breach. Instructure responded by shutting the platform down. By 8 PM Eastern, the extortion message had been replaced with a maintenance alert. Canvas was restored for most users just before midnight, though some campuses stayed on partial access into Friday.
The exploit vector was the Free-For-Teacher account functionality — the same vulnerability ShinyHunters had used in a breach on 29 April, thought to have been contained.
Damon Linker, a senior lecturer at the University of Pennsylvania, put it plainly: “Canvas is down. Every reading this semester… as well as every grade and submitted assignment, is on Canvas. Dead in the water here in academia right now.”
Standard uptime monitoring watches for infrastructure degradation. A vendor-initiated security shutdown produces no warning signal — it can’t be anticipated from system health metrics at all. For what happened on May 7 in full, see the companion account.
Which Universities Suspended Finals — and What Did They Actually Do?
At least six named institutions cancelled or postponed Canvas-dependent assessments within 24 hours.
UIUC: Provost John Coleman postponed all final exams and assignments — papers, projects, the lot — for Friday, Saturday, and Sunday, even for classes not using Canvas, explicitly “for consistency and clarity.”
Baylor University: Provost Nancy Brickhouse rescheduled all Friday exams to the following Thursday and directed faculty to export grade books, download course materials, and send students whatever they had locally. The delays cascaded into housing logistics — Baylor’s dorm move-out deadline is tied to a student’s last final.
Arizona State University: Cancelled all Canvas-administered exams scheduled for Friday and Saturday.
University of California System: Directed all campuses to temporarily block Canvas access out of an abundance of caution, then made risk-based decisions about when to restore access campus by campus.
Penn State: Cancelled all exams being administered Thursday night and all day Friday, explicitly urging students to “check your emails (not Canvas) regularly.”
Other affected institutions included JMU, UTSA, the University of Houston, Harvard, UPenn, Northeastern, UT Dallas, Liberty University, Duke, MIT, Stanford, UCLA, and Northwestern. Internationally, UBC and at least eight Canadian universities were disrupted, along with 44 institutions in the Netherlands, five in Hong Kong, and universities in Australia, New Zealand, and the UK.
Two responses stand out. UBC began actively migrating staff and courses to Moodle and to SharePoint for course materials — the only documented case of an institution migrating to an alternative platform rather than simply waiting for Canvas restoration. Houston Independent School District (HISD) stood up a temporary Google Site for emergency curriculum access. HISD didn’t postpone; it built an alternative.
Why were most institutions without an alternative platform ready? That’s addressed directly in the companion article on why institutions had no alternative platform ready.
Which Institutions Had a Continuity Plan — and Which Improvised?
Available evidence documents what institutions did — not whether those actions followed pre-written procedures. There is no documented evidence that UIUC, Baylor, or ASU activated pre-existing LMS continuity plans rather than making real-time decisions. Fast and sometimes well-reasoned — but the origin in prior planning versus in-the-moment judgement is not established.
UBC is the clearest exception. A migration to Moodle and SharePoint requires pre-existing infrastructure — server provisioning, user authentication, faculty familiarity with the platform. That migration happened because the infrastructure was already in place. This is the strongest available evidence of a genuine continuity plan in the record.
Gary Perkins, writing for Continuity Insights, put the planning gap precisely: “How many organisations identified in their Business Impact Analysis that ‘loss of Canvas during finals week’ was a critical operational risk scenario? How many had alternate testing procedures?” His answer: for most institutions, very few.
Cliff Steinhauer at the National Cybersecurity Alliance identified the structural root cause: “The breach underscores how deeply schools now depend on centralised digital platforms to keep day-to-day academic operations running.”
The breadth of improvised responses — across institutions of very different sizes and resources — makes the conclusion clear. LMS continuity was not a named scenario in most Business Impact Analysis documents. This outage makes it one.
What Did Successful Academic Continuity Look Like in Practice?
“Successful” continuity didn’t mean exams proceeded on schedule. It meant students could access course materials and faculty could account for grades while Canvas was unavailable.
The common thread is decoupling. Institutions and individuals who had separated their content and grade data from Canvas before the outage fared materially better than those who treated Canvas as the sole repository for everything.
UBC’s Moodle migration is the highest-maturity response in the record. Course content remained accessible, faculty could continue teaching, and the institution was not dependent on Instructure’s restoration timeline. It required pre-existing infrastructure.
HISD’s Google Sites deployment shows that emergency content access doesn’t require a sophisticated alternative LMS. A temporary Google Site, stood up within hours, gave the largest school district in Texas curriculum access.
Baylor’s faculty directive converted an institutional decision into a recoverable state at the faculty level. By instructing staff to export grade books and distribute materials from local storage, Baylor ensured grades and content were no longer stranded exclusively inside Canvas.
Damon Linker’s personal workaround — uploading materials to Dropbox or Google Docs and maintaining an analogue grade book — is faculty self-help in the absence of institutional guidance. It worked because he was prepared to act without waiting for direction.
Why LMS Disaster Recovery Is Different From Standard IT Disaster Recovery
Standard IT disaster recovery rests on one foundational assumption: deadlines are flexible. An enterprise can defer a project by a week while systems are restored. A university cannot defer finals by three weeks.
💡 Recovery Time Objective (RTO): The maximum acceptable duration a system can be offline before the disruption produces unacceptable operational consequences. In most enterprise contexts, an RTO of 24–48 hours is workable. During finals week, the effective RTO is measured in hours.
The academic calendar constraint is what separates LMS disaster recovery from standard IT DR. Finals week carries hard, cascading deadlines — graduation timelines, housing contract end dates, faculty contract end dates, student travel commitments. A three-day Canvas outage during finals is operationally different from a three-day outage at any other point in the semester.
Canvas was restored for most users within approximately four hours — fast recovery in a narrow DR sense. But most affected institutions still couldn’t continue critical operations during the disruption. IT DR and academic continuity are parallel obligations, not sequential ones. Continuity planning must begin the moment an outage is declared.
Most institutional IT DR documents were written without “LMS down during finals week” as a named scenario. Adding it to the Business Impact Analysis is where the work begins.
What Should Your Institution Do Now? A Practical Response Guide
If Canvas Is Down Right Now
Activate emergency communications. Use institutional email and SMS — not Canvas announcements. Draft a holding message: “Canvas is unavailable. We will communicate exam and assignment status by [time].”
Direct faculty to export grade books now. A CSV grade book export takes minutes and means grades are no longer stranded. Issue this immediately, even if access is intermittent.
Identify what content exists outside Canvas. Ask faculty to share materials already in Dropbox or Google Drive. Get those links to students now, not after Canvas is restored.
Check whether your login page was defaced. Navigate to [institution].instructure.com. The ShinyHunters defacement appeared as a black screen with a ransom message. If the page shows the normal login interface, restoration has occurred — but also check Canvas Admin > Settings > Branding for any unauthorised customisation. Consult instructure.com/incident_update for institution-specific confirmation.
Commit to a specific decision timeline. Student anxiety during finals is high. “We are monitoring the situation” makes things worse. Name a time by which you will communicate a decision.
After Restoration: Security Actions
Rotate Canvas API keys and re-authorise integrations. Revoke all API keys, prioritising integrations with access to student data or grade records. Re-authorise LTI integrations individually and coordinate with your identity provider to rotate SSO credentials. Consult instructure.com/incident_update for breach-specific guidance.
Audit Free-For-Teacher accounts. Review whether your institution offered or linked these accounts and check for signs of compromise.
Sustain phishing awareness for at least 90 days. Stolen data remains usable long after systems are restored. Issue elevated guidance and maintain it.
Planning for Next Time
Add “Canvas unavailable during finals week” as a named BIA scenario. Produce a scenario-specific playbook — not just a general “LMS outage” entry.
Establish alternate content delivery infrastructure before an outage. UBC’s Moodle migration worked because Moodle was already provisioned. A lightweight Moodle instance, Google Classroom, or a pre-structured Google Drive hierarchy are all viable — but they must exist before a crisis.
Pre-define communication channels that function without the LMS. Maintain current email lists and SMS contact data outside Canvas.
Direct faculty to export grade books at the end of every assessment period. This works far better as a habit than as emergency response.
Set RTO targets that reflect academic calendar deadlines. Run tabletop exercises that simulate a third-party SaaS outage during a peak academic period — not a generic infrastructure failure.
The Broader Lesson: Any Mission-Critical SaaS With Calendar-Constrained Processes Faces This Risk
The academic calendar constraint is not unique to education. Any organisation with time-sensitive, calendar-bound critical processes and a single-platform dependency faces the same structural vulnerability.
Healthcare appointment systems during peak flu season can’t defer patient consultations while a SaaS platform is restored. Quarter-end financial reporting carries statutory deadlines that don’t wait for a vendor. Court-filing platforms at statutory cutoffs create non-deferrable obligations.
The Canvas outage is a worked example of something broader: when vendor dependency meets a hard deadline, the recovery window collapses — and standard incident response planning, written assuming flexible deadlines, fails. The full dimensions of this breach — from the attack itself to the structural risk that made it possible — are covered in the Canvas breach analysis.
If your organisation has a process that cannot be deferred by a week — and most do — your vendor disaster recovery planning needs to account for that explicitly. The question is not “what is our RTO?” It is “what is our RTO during the three weeks per year when deferral is impossible?”
For the full framework, see the companion article on calendar-sensitive incident response planning.
Frequently Asked Questions
Can my university cancel finals because of a Canvas outage? Yes — and several did. UIUC postponed all finals; Baylor rescheduled Friday exams to the following Thursday; ASU cancelled all Canvas-administered exams for Friday and Saturday. The decision is institutional, not a Canvas policy. The practical constraint is finding exam slots before graduation and housing deadlines cascade.
How do I check if my institution’s Canvas login page was defaced? Navigate to [institution].instructure.com. The ShinyHunters defacement appeared as a black screen with a ransom message. If the page shows the normal login interface, restoration has occurred — verify your status at instructure.com/incident_update.
What should we use instead of Canvas if it goes down again? Emergency substitutes documented in May 2026: Moodle (UBC — full course migration), Google Sites (HISD — emergency curriculum access), Dropbox and Google Docs (faculty-level materials), email (assessment delivery). The infrastructure must exist before the outage. A shared Google Drive folder circulated at the start of term costs nothing and provides fallback access.
How do I rotate Canvas API credentials after the breach? Revoke API keys in Canvas Admin, prioritising integrations with access to student data or grade records. Re-authorise LTI integrations individually and coordinate with your identity provider to rotate SSO credentials. Consult instructure.com/incident_update for May 2026-specific guidance.
How is LMS disaster recovery different from regular IT disaster recovery? Standard IT DR assumes deadlines are flexible. LMS DR during finals week operates on hard, cascading deadlines — graduation, housing, faculty contracts. The effective RTO is hours, not days. Add “Canvas unavailable during finals week” as an explicit Business Impact Analysis scenario with a named playbook.
What is academic continuity planning and does my institution need it? Academic continuity planning keeps teaching and learning running during disruptions to primary delivery infrastructure — it’s distinct from IT DR, which just restores systems. These are parallel obligations. Every institution using a cloud-based LMS for credit-bearing assessments needs one. The May 2026 outage documented what improvisation looks like in practice.
Which universities were affected by the Canvas outage in May 2026? Named US institutions include UIUC, Baylor, ASU, UC System campuses, Penn State, UPenn, Harvard, JMU, UTSA, University of Houston, Northeastern, UT Dallas, Liberty University, Duke, MIT, Stanford, UCLA, and Northwestern. In Canada, UBC and at least eight other universities were affected. Internationally: 44 institutions in the Netherlands, five in Hong Kong, and multiple universities in Australia, New Zealand, and the UK.
Was the Canvas outage caused by a hack or a technical failure? A deliberate security incident. ShinyHunters exploited a vulnerability in the Free-For-Teacher account tier to deface 330+ institutional login pages on 7 May. Instructure initiated the shutdown as a security response. Standard uptime monitoring would not have detected this failure mode.
How should we communicate with students and parents if Canvas goes offline? Pre-define communication channels that don’t depend on the LMS: institutional email, SMS alert, and the institution’s main website. The failure mode in May 2026 was that some institutions used Canvas announcements as their primary student channel — which became unavailable at the same moment as the platform. Prepare a holding message and a resolution message in advance; both should be sendable within 30 minutes.
What should faculty do to prepare for an LMS outage? Three low-effort actions: (1) Export the grade book as a CSV at the end of every assessment period; (2) Upload course materials to a Dropbox or Google Drive folder with a shared link circulated to students at the start of term; (3) Keep your class roster’s contact information available outside Canvas. These work far better as pre-outage habits than as crisis response.
