ORLANDO, Fla. — Several Central Florida schools and universities are on high alert after a hacker group claimed it breached Canvas-- the online learning platform used by millions of students and teachers for assignments, grades, and class communication.
The alleged cyberattack has sparked growing concerns that sensitive personal information belonging to students, parents, and educators could be at risk.
Orange County Public Schools temporarily disabled access to Canvas Thursday “out of an abundance of caution,” according to district officials. Other institutions across the region are also investigating whether their systems or user data may have been compromised.
Those schools include the University of Central Florida, Valencia College, Seminole County Public Schools, Marion County Public Schools, and Orange County Public Schools.
The situation comes at a critical time as many schools are in the middle of final exams and preparing to wrap up the academic year.
Tiffany Pinto, a student at Valencia College, says she first realized something was wrong while checking her grades online. “I went on my computer to check my grades from the spring semester and then I saw it,” Pinto said.
Shortly afterward, she learned the system Valencia College uses for assignments and grades could have been part of a worldwide data breach.
“I feel honestly so lost. I feel so scared,” Pinto said. “I’m a very young adult. I just started life and this happens.”
Emsisoft threat intelligence analyst Luke Connolly says posts appearing on the dark web were allegedly made by the cybercriminal group ShinyHunters.
The hackers claim it stole data from nearly 9,000 schools worldwide.
According to Connolly, the allegedly stolen information could include social security numbers, student grades, and private conversations between teachers, students, and parents.
“That’s the sort of thing that can be used in an attempt to extort either the school board, a school, the administrators, the teacher, or the student or the students’ parent,” Connolly
Connolly warns students and parents who use Canvas should take steps immediately to protect themselves from possible identity theft or fraud.
“Whether it’s implementing a credit watch to make sure that no one tries to open a new account on their behalf,” Connolly said.
Cybersecurity experts believe the group behind the attack is made up largely of young adult and teenage hackers based in the United States and the United Kingdom.
The hacker group is demanding payment from Canvas in exchange for not releasing the stolen data. It appears Canvas has not paid the ransom. A new message posted on the Dark Web reportedly gave Canvas a new deadline of next Tuesday.
Connolly says paying cybercriminals is not recommended. You’re dealing with criminals at the end of the day.
Click here to download our free news, weather and smart TV apps. And click here to stream Channel 9 Eyewitness News live.
©2026 Cox Media Group
