Education

A ‘little stressful’: U of I, suburban school students deal with Canvas outage caused by cyberattack

Posted May 08, 2026 10:00 am

Katlyn Smith

“I understand this situation adds new stress and uncertainty to the end of the academic year,” Provost John Coleman wrote University of Illinois Urbana-Champaign students about the Canvas outage. Courtesy of University of Illinois

When Talia Giorno, a junior at the University of Illinois Urbana-Champaign, tried to log in to Canvas to prepare for her final exams, she encountered what she thought was a short outage.

It turns out a global cyberattack had taken Canvas, a learning management system, offline at institutions across the country, the university told students.

“Luckily, my professors were able to give some materials over, but it’s definitely not the best timing. I’m a little bit stressed,” Giorno said Friday.

The Elmhurst native has two finals on Monday, and both are “kind of rigorous.” That’s an understatement: Giorno studies systems engineering and design.

“In terms of not having a centralized location where I can find all the resources is definitely throwing me off a little bit,” she said.

The University of Illinois at Urbana-Champaign postponed all final exams and assignments, including papers and projects, scheduled for Friday or this weekend. The University of Notre Dame student newspaper also reported that faculty administering exams via Canvas were advised to “transition to alternate methods for delivering them.” Northwestern University’s IT department shared a how-to for instructors on teaching without Canvas.

The outage hit not only higher academia. It also disrupted suburban Chicago school districts.

“Our discussions with peer institutions, security experts, and the vendor will also continue as we prepare to reconnect Canvas in a way that protects both personal and institutional data,” Northwestern University’s IT Services wrote in an update. AP/Business Wire file

Instructure, the company behind Canvas, which is used to manage grades, course notes, assignments, lecture videos and more, said in an update late Thursday that the system was available for most users.

In a post on Friday, Lake Zurich Unit District 95 said it’s instituting additional internal security measures before allowing access to the Canvas platform.

Lake Zurich Community Unit School District 95 in Lake Zurich posted details on its website about the Canvas outage. Courtesy of Lake Zurich District 95

“They have recruited forensics experts to investigate the breach and understand its impact on nearly 9,000 schools, including ours,” Stevenson High School District 125 said in a message to families. “Enhanced monitoring and detection controls were also put in place to further secure its platform as teachers and students continue using the system.”

Indian Prairie District 204 primarily uses Canvas for its summer school program for high schoolers. The district notified about 2,200 students who are currently active users in the system, said Rodney Mack, the district’s chief technology officer.

The Aurora-based district was notified Tuesday by Canvas of a “cybersecurity incident involving unauthorized access to certain information stored within their systems,” the Mack wrote families Friday.

“At this time, Canvas has informed us that our district may have been impacted, and their investigation remains ongoing,” he added.

Indian Prairie Unit District 204 includes Neuqua Valley High School. Daily Herald file photo

Based on the information currently available from Canvas, the data potentially accessed may include full names and email addresses, course enrollment information and Canvas messages between users.

Canvas has stated that, currently, there is no indication that passwords, dates of birth, government identification numbers, or financial information were involved, according to the district.

As part of their response, Canvas has engaged third-party forensic experts to investigate the attack; notified federal law enforcement and cybersecurity agencies; revoked compromised access and addressed the identified vulnerability; and implemented additional monitoring and security protections across their platform, Mack wrote.

District 204 has not yet received organization-specific details identifying which records may have been accessed.

“The safety and privacy of student information remain extremely important to IPSD 204,” the message read. “Our Technology Department is actively monitoring the situation, reviewing vendor security practices, and working with Canvas to better understand any potential impact to our students and staff.”

In an email this week, Elgin Area Unit District 46 advised parents to update their passwords on their Canvas Observer accounts. Employees and students were advised to update their Google password, which would also update their Canvas account passwords, Jim Wolf, U-46’s director of information services. wrote.

U-46 has “robust measures” such as two-factor authentication and internal controls to protect its own internal systems but cannot prevent cyber attacks on third-party platforms.

“We understand this news is concerning,” Wolf wrote, adding that the district will update parents with any developments.

University of Illinois students walk across the Main Quad on the campus in Urbana. AP file

The University of Illinois Urbana-Champaign noted the attack was not directed at the school specifically.

“Illinois is one of thousands of universities currently experiencing the same issue,” Provost John Coleman wrote.

Giorno thought about the international or out-of-state students who potentially have to rearrange plans to get back home. She seemed to have already learned a life lesson before the outage.

“It’s a little stressful, but I’m honestly not too worried,” she said. “I think that everyone’s kind of in the same boat, so I don’t want to worry too much about things I can’t control with Canvas.”

• Daily Herald correspondent Alicia Fabbre, The Associated Press and Daily Herald staff writer contributed to this report