Tasmania’s public school system has lost access to its main online learning platform this morning, as the fallout from a global cyberattack on Canvas deepens.
The Department for Education, Children and Young People said access to Canvas was cut off on Friday morning as a result of the ongoing incident affecting the platform’s US-based owner, Instructure.
“As of this morning access to the system is no longer available,” the department said.
“This is a result of the ongoing cyber security incident and we are urgently seeking an update from Instructure.”
“At this point in time we do not know when the system will be back online.”
Canvas is used to deliver, manage and track learning for staff and students across Tasmanian schools and some department business units.
The department said there was no evidence so far that passwords, dates of birth or financial information had been accessed.
“Instructure has advised that names, email addresses and school locations for staff and students since 2020 may be implicated in this incident,” the department said.
TasTAFE, which also uses Canvas, confirmed on Thursday that data in its system had been “accessed”.
“TasTAFE has been advised that data in its Canvas learning system has been accessed as part of a cyber incident affecting our vendor, Instructure,” it said.
“This incident relates to Instructure’s systems – there is no breach of TasTAFE systems.”
The training provider urged students and staff to stay alert to scams, avoid sharing personal information and steer clear of suspicious links.
Instructure first disclosed the breach in late April and confirmed on May 2, 2026 that user data had been exposed.
The stolen data includes names, email addresses, student ID numbers and messages between users.
Extortion group ShinyHunters has claimed responsibility, listing Instructure on its dark web leak site.
The group claims it took 3.65 terabytes of data covering 275 million people across nearly 9,000 schools worldwide.
