Listen to the article
Thousands of educational institutions faced major disruptions Thursday when Canvas, a widely used learning management system, went offline during a cyberattack, leaving students unable to access critical study materials as final exams approach.
The hacking group ShinyHunters claimed responsibility for the breach, according to Luke Connolly, a threat analyst at cybersecurity firm Emisoft. The group boasted online that nearly 9,000 schools worldwide were affected, with billions of private messages and other records reportedly compromised.
Instructure, the company behind Canvas, has not publicly responded to questions about whether the system was deliberately taken down as a precautionary measure or disabled by the hackers themselves. The company has also remained silent about the attack on its social media channels.
Canvas serves as a crucial digital infrastructure for educational institutions, housing everything from grades and course notes to assignments and lecture videos. As news of the outage spread, panicked students took to social media platforms, expressing concern about their inability to access materials needed for upcoming final exams.
According to Connolly, ShinyHunters began threatening to leak the stolen data as early as Sunday, setting deadlines of Thursday and May 12. The extended deadline suggests that negotiations regarding potential extortion payments may still be underway.
The incident highlights the increasing vulnerability of educational institutions to cybercrime. Rich in digitized data, schools and universities have become prime targets for criminal hackers who can remotely access sensitive information that was once secured in physical filing cabinets. Similar high-profile attacks have previously targeted Minneapolis Public Schools and the Los Angeles Unified School District.
Connolly noted striking similarities between this attack and a previous breach at PowerSchool, another provider of learning management tools. In that case, a Massachusetts college student was charged. He described ShinyHunters as a loose network of teenagers and young adults based primarily in the United States and United Kingdom. The group has also been linked to attacks on other major platforms, including Live Nation’s Ticketmaster subsidiary.
As the situation unfolded, educational institutions scrambled to notify students and parents. The University of Iowa’s College of Public Health described it as “a national-level cyber-security incident” in communications to students, expressing hope for a swift resolution.
Virginia Tech acknowledged the impact on final exams in notices to students, while the University of New Mexico sent similar messages to its campus community. The University of Florida urged students to remain vigilant about potential phishing attempts disguised as Canvas communications.
The timing of the attack has been particularly disruptive as it coincides with the end of the academic year when students rely heavily on the platform. Damon Linker, a senior lecturer in political science at the University of Pennsylvania, noted on social media that his students had been depending on Canvas to access the semester’s readings and lecture slides before Monday finals. “We’re dead in the water here in academia right now,” he wrote.
The impact extended to prestigious institutions like Harvard University, where the student newspaper reported system outages, and Johns Hopkins University, where students encountered error messages when attempting to view their final grades.
Public school districts also moved quickly to communicate with parents, with officials in Spokane, Washington assuring families they weren’t “aware of any sensitive data contained in this breach.”
Some institutions have taken immediate action to mitigate the disruption. The University of Texas at San Antonio announced it would postpone Friday finals in response to the ongoing outage, providing students with additional time to prepare using alternative resources.
The Canvas breach represents the latest in a concerning trend of cyberattacks targeting educational infrastructure, underscoring both the sector’s growing reliance on digital platforms and its vulnerability to sophisticated hacking operations.
Fact Checker
Verify the accuracy of this article using The Disinformation Commission analysis and real-time sources.
9 Comments
It’s concerning to see hackers targeting education systems in this way. I hope the authorities are able to investigate the incident thoroughly and hold the perpetrators accountable.
This is certainly a worrying development. Cyberattacks on critical education infrastructure can have major consequences for students trying to complete their studies. I hope Instructure is able to restore the Canvas system quickly and securely.
Agreed. Securing educational technology platforms should be a top priority to ensure continuity of learning, especially during exam periods.
The timing of this attack, with students preparing for final exams, is particularly disruptive. I wonder if there are any steps schools can take to mitigate the impact and help students access the materials they need.
That’s a good point. Schools may need to consider alternative solutions, like distributing materials directly or extending deadlines, to support students affected by the outage.
This is a stark reminder of the importance of robust cybersecurity measures for all critical infrastructure, including in the education sector. Hopefully, this incident will spur improvements to protect against future attacks.
Cyberattacks on education systems are particularly troubling. I hope this incident leads to a renewed focus on cybersecurity in the sector and better protections for students and teachers.
The impact on students preparing for finals is truly unfortunate. I wonder if there are any steps Instructure can take to prioritize restoring access for those most affected by the outage.
Good point. Instructure should work closely with schools to find ways to minimize disruption for students during this critical time.