Massive Canvas cyberattack leaves NJ college students locked out before exams

💻Rutgers students lost access to Canvas as finals and major project deadlines loom

💻Hackers claiming ties to ShinyHunters threatened schools

💻Princeton, Rowan, Montclair State and other NJ colleges were also impacted

A platform used by students at Rutgers University and 9,000 colleges in New Jersey and worldwide to submit assignments and take exams was hacked and made inaccessible as the semester winds down.

Rutgers’ IT Office acknowledged the interruption, said individual campuses will communicate a plan to students about exams and submitting coursework. The cloud-based Canvas run by a company called Infrastructure is also used to communicate with professors and report grades.

"The university understands that student exams, project submissions, and other efforts may have been interrupted due to this incident," the Rutgers IT office said in a statement.

As of 10:30 a.m. Friday morning the Rutgers IT office had not updated its alert. Bergen Community College users were also greeted with the message that their accounts were not accessible.

ALSO READ: NJ pulls anti-Trump license plate that MVC approved

ShinyHunters ransomware attack targets colleges nationwide

Canvas at other affected New Jersey schools seems to be coming back online.

Princeton University's IT office says Canvas had been restored for its students late Thursday night but it continues to monitor the platform.  The outage at Princeton occurred less than 24 hours before the school's final assessment period, according to The Daily Princetonian.

Access was also restored for Rowan University students. Other New Jersey schools affected include Montclair State and Union College.

A hacking group named ShinyHunters has taken responsibility for what it calls a ransomware attack. Students trying to log into their Canvas account see a message that ShinyHunters breached the infrastructure, which requires "security patches" to solve the problem. Affected schools are told to them to "negotiate a settlement" by May 12 before "everything is leaked."

Luke Connolly, a threat analyst at the cybersecurity firm Emisoft, described ShinyHunters as a loose affiliation of teenagers and young adults based in the U.S. and the United Kingdom. The group also has been tied to other attacks, including one aimed at Live Nation’s Ticketmaster subsidiary.

(Includes material Copyright 2026 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.)

Report a correction 👈 | 👉 Contact our newsroom