Cork Universities Among Those Affected by Global Canvas Data Breach

Several Irish universities, including institutions in Cork, are among those impacted by a global cybersecurity breach of Canvas, the online learning platform used by colleges across Ireland and worldwide.

Canvas is operated by US-based education technology company Instructure. The company first disclosed that it had experienced a cybersecurity incident on 1 May 2026. The cybercrime group ShinyHunters has since claimed responsibility for the attack.

Munster Technological University (MTU), which has campuses across Cork and Kerry, has been informed by Instructure that it is one of the institutions impacted. In a statement published on its website, the university said:

Munster Technological University:

"MTU is engaging with Instructure to understand the nature and extent of any potential impact on the University community. We are communicating directly with students and staff and advising them to remain vigilant, particularly in relation to suspicious emails, links or attachments."

The university has directed staff and students to its dedicated information portal at cybercare.mtu.ie for further guidance.

University College Cork (UCC), which also uses Canvas, has confirmed it is monitoring the global incident. In a notice posted on its system status page on 5 May 2026, UCC IT Services said:

University College Cork:

"IT Services is aware of a security incident involving Canvas, the university's virtual learning environment. We are actively monitoring updates from the platform provider, Instructure and assessing any impact to university services. This is a global event affecting multiple institutions. At present, UCC has not been notified of any direct impact to our university or data. Canvas remains available and operational. No impact to other UCC systems has been identified and staff and students should continue to use Canvas as normal."

In a 2 May 2026 update on its official status page, Instructure provided the following statement on the nature of the data involved:

Steve Proud, Chief Information Security Officer, Instructure:

"While we continue actively investigating, thus far, indications are that the information involved consists of certain identifying information of users at affected institutions, such as names, email addresses, and student ID numbers, as well as messages among users. At this time, we have found no evidence that passwords, dates of birth, government identifiers, or financial information were involved. If that changes, we will notify any impacted institutions."

On 7 May 2026, ShinyHunters defaced the Canvas login pages of a number of institutions globally with a message threatening to release stolen data unless a ransom is paid by end of day on 12 May 2026. Instructure has since said Canvas is fully operational again.

Students and staff at affected institutions are urged to remain alert to phishing attempts, scam emails, or unsolicited messages referencing their college, course, or coursework. Suspicious links and attachments should not be opened, and anyone with concerns should contact their institution through its official channels.

Updates from Instructure are available at status.instructure.com.