Canvas, the tool many universities use for students to complete and submit assignments, is down at colleges and universities across Mississippi and throughout the United States. A cyber criminal group is claiming credit and demanding a ransom.

As final exams began Thursday at Mississippi State University, The Reflector reported that students began receiving a message from a hacker group called ShinyHunters, claiming they had infiltrated university data on their Canvas pages.

Mississippi State University students received this message when they logged onto Canvas on May 7, 2026. Courtesy The Reflector

“ShinyHunters has breached Infrastructure (again). … If any of the schools in the affected list are interested in preventing the release of their data, please consult with a cyber advisory firm to contact us privately at TOX to negotiate a settlement. You have until the end of the day by 12 May 2026 before everything is leaked.”

Other targeted Mississippi universities include Delta State University, the University of Southern Mississippi, Mississippi Gulf Coast Community College, the University of Mississippi Medical Center, East Mississippi Community College, Southwest Mississippi Community College, Mississippi University for Women, Mississippi College and Mississippi Valley State University. The Mississippi School for Mathematics and Science, a statewide public residential high school, was also on the list of schools the group says it targeted, as well as some state agencies and other entities.

The attack on Mississippi universities is part of a wave of attacks that Instructure, the company that owns Canvas, confirmed began on May 1, while also saying that ShinyHunters had stolen data in those earlier attacks.

“While we continue actively investigating, thus far, indications are that the information involved consists of certain identifying information of users at affected institutions, such as names, email addresses, and student ID numbers, as well as messages among users,” Instructure said on May 3. “At this time, we have found no evidence that passwords, dates of birth, government identifiers, or financial information were involved. If that changes, we will notify any impacted institutions.”

TechCrunch reported on May 5 that the hackers claimed the attack had affected 275 million people’s data.

In a campus email on Thursday evening, University of Southern Mississippi Vice President for Student Affairs and Enrollment Management Kristi Motter said the university was aware of the issue late Thursday afternoon.

“Faculty have been informed of the situation and instructed to work with students on exams/assignments,” the email said. “More information will be released as it becomes available.”

Not all Mississippi universities are affected. The University of Mississippi, for example, uses Blackboard instead of Canvas and is not affected by the attack.

Award-winning News Editor Ashton Pittman, a native of the South Mississippi Pine Belt, studied journalism and political science at the University of Southern Mississippi. Previously the state reporter at the Jackson Free Press, he drove national headlines and conversations with award-winning reporting about segregation academies. He has won numerous awards, including Outstanding New Journalist in the South, for his work covering immigration raids, abortion battles and even former Gov. Phil Bryant’s unusual work with “The Bad Boys of Brexit" at the Jackson Free Press. In 2021, as a Mississippi Free Press reporter, he was named the Diamond Journalist of the Year for seven southern U.S. states in the Society of Professional Journalists Diamond Awards. A trained photojournalist, Ashton lives in South Mississippi with his husband, William, and their two pit bulls, Dorothy and Dru.