Oxford, Cambridge, and other major UK universities hit by global hack
Key Points
- Prestigious UK universities including Oxford, Cambridge, and Hertfordshire have been hit by a major global data breach affecting Instructure’s Canvas learning platform.
- The ShinyHunters group stole names, emails, student IDs, and private messages of millions of students and staff across nearly 9,000 institutions worldwide.
- No passwords or financial data were taken, but affected users are advised to stay alert for phishing and enable multi-factor authentication.
Prestigious UK institutions including the University of Oxford and the University of Cambridge are among thousands of educational organisations worldwide affected by a major hack.
This follows a data breach at Instructure, the company behind the widely used Canvas learning management system (LMS).
The breach, claimed by the notorious cybercrime group ShinyHunters, has exposed personal data belonging to millions of students, teachers, and staff. Reports suggest nearly 9,000 educational institutions and up to 275 million records may be impacted.
According to Instructure, the compromised information includes:
- Names
- Email addresses
- Student ID numbers
- Private messages and communications exchanged within the Canvas platform
Importantly, there is no evidence that passwords, financial information, dates of birth, or government-issued IDs were accessed.
UK universities confirmed affected
High-profile UK victims publicly linked to the incident include:
- University of Oxford
- University of Cambridge
- University of Hertfordshire
These join an extensive global list that also features elite US institutions such as Harvard, MIT, Stanford, and others. The full list of affected Canvas instances spans the UK, US, Australia, Sweden, and additional countries.
While not every UK university uses Canvas, those relying on the cloud-hosted platform were potentially exposed. Detailed per-institution impacts for UK schools and further education colleges have not yet been widely publicised.
How the attack unfolded
ShinyHunters claimed responsibility in early May 2026 and initially demanded ransom payments from Instructure, threatening to leak the data.
The group later published a large list of affected institutions and, in some cases, defaced Canvas login pages with ransom demands.
Instructure confirmed the cybersecurity incident, took affected systems into maintenance mode temporarily, and stated that it has contained the breach. The company is working with law enforcement and forensic experts.
A ransom deadline of around 12 May 2026 was mentioned in hacker communications, raising concerns about potential further data leaks.
Advice for affected students and staff
Institutions are urging users to:
- Remain vigilant against phishing attempts using any stolen personal details
- Enable multi-factor authentication (MFA) wherever possible
- Monitor accounts for suspicious activity
- Avoid clicking on links in unsolicited emails claiming to be from Canvas or their university
Students or staff studying at or affiliated with affected international universities should contact their institutions directly for specific guidance.
