Cyberattack targets multiple Michigan schools, universities in massive ransomware strike

By FOX 2 Staff
Published  May 7, 2026 5:51pm EDT
FOX 2 Detroit
Loading Video…

This browser does not support the Video element.

Hackers threaten to leak data of 275 million students

Instructure, an educational technology company known for creating Canvas, announced they were the victim of a cybersecurity breach on May 1. Canvas is a learning management system widely used in school districts and colleges across the globe.  The attack on May 1 was resolved. However, the hacker group known as ‘ShinyHunters’ claimed to be behind the incident, putting out a list of the alleged school districts and colleges that were affected.

The Brief

    • A third party data breach has allegedly affected thousands of schools across the country, including many in Michigan.
    • Instructure, an educational technology company known for creating Canvas, announced they were the victim of a cybersecurity breach on May 1.
    • Students and papers across the country began reporting the hacks on social media, some from Columbia University and Mississippi State.

(FOX 2) - Thousands of school districts and universities, including many in Michigan, were the victim of a massive third-party cyberattack.

8,950 entities claimed to have been affected across the nation according to the hacker group.

Big picture view:

Instructure, an educational technology company known for creating Canvas, announced they were the victim of a cybersecurity breach on May 1. Canvas is a learning management system widely used in school districts and colleges across the globe. 

The attack on May 1 was resolved. However, the hacker group known as ‘ShinyHunters’ claimed to be behind the incident, putting out a list of the alleged school districts and colleges that were affected.

Students and papers across the country began reporting the hacks on social media, some from Columbia University and Mississippi State. 

The list shows the names of thousands of alleged victims, including:

  • University of Michigan — Ann Arbor & Flint
  • Wayne State University
  • Michigan State University
  • Michigan Technological University
  • Eastern Michigan University
  • Lake Michigan College
  • Michigan Initiative for Cyber Education
  • Michigan Community Health Worker Alliance
  • Michigan Workforce Training and Education Collaborative
  • Michigan Islamic Academy
  • Michigan Canvas Users Group
  • Michigan Virtual
  • Michigan Online School
  • Michigan Career and Technical Institute
  • Michigan Commission on Law Enforcement Standards
  • Macomb Community College
  • Grand Valley State
  • Kalamazoo College
  • Madonna University
  • Saginaw Valley
  • Hillsdale College
  • Concordia University
  • Adrian College

This list will update as FOX 2 searches for more Michigan schools affected.

Dig deeper:

The University of Michigan and Wayne State have confirmed the breach has affected them. 

As of May 7, Instructure says Canvas is fully operational and there has been no ongoing unauthorized activity. They recommend those possibly affected to "follow security best practices, including enforcing MFA on privileged accounts, reviewing admin access, and rotating API tokens or keys where applicable."

FOX 2 has not yet been able to independently verify some of the list put out by ShinyHunters, but students and student publications at several of the schools on the list have already posted screenshots showing the "ransom" message from ShinyHunters as they try to access web services.

Watch FOX 2 Detroit LIVE:

Loading Video…

This browser does not support the Video element.

The Source: FOX 2 used information from Instructure and multiple posts on social media in this report.

Crime and Public SafetyEducationDetroitInstastories