Students at University of Pennsylvania experienced widespread disruptions Thursday afternoon after access to the school’s Canvas learning platform was interrupted amid an apparent cyberattack linked to the hacker group ShinyHunters.

The incident follows claims made by ShinyHunters last week that the group had breached Instructure, the company behind the Canvas educational platform used by universities worldwide.

Visitors to Penn’s Canvas page were briefly met with a warning message allegedly posted by the hackers, claiming responsibility for the breach and threatening to release stolen data unless affected institutions contacted the group before May 12. The message accused Instructure of failing to fully address security vulnerabilities after earlier incidents.

Later in the afternoon, the warning disappeared and was replaced by a notice stating that Canvas was undergoing “scheduled maintenance.”

According to reports, the cybercriminal group claims to have accessed information tied to hundreds of millions of users globally, including approximately 306,000 Penn affiliates. The allegedly compromised data includes names, email addresses, Penn ID numbers, and course enrollment information.

The situation escalated after samples of purportedly stolen Penn-related data were reportedly shared online, including user account information and internal communications between students and faculty members.

Penn officials said the university’s Information Security team is working alongside the affected vendor, cybersecurity specialists, and law enforcement agencies to evaluate the scope and potential impact of the breach.

This is not the first time ShinyHunters has targeted the university. In late 2025, the group claimed responsibility for another cyberattack involving internal university documents, donor information, and confidential records. The earlier breach became public after spam emails criticizing university policies were sent from accounts connected to Penn’s Graduate School of Education.

Earlier this year, the group also alleged that the university declined to pay a multimillion-dollar ransom demand intended to prevent additional leaks of stolen files.

The investigation remains ongoing as cybersecurity experts continue assessing the incident and monitoring potential risks to students, faculty, and staff.