Cyberattack on Canvas Platform Disrupts Finals, Causes Chaos
▼ Summary
– A cyberattack disrupted the Canvas learning platform during final exams, causing chaos at US schools and colleges.
– Instructure took Canvas offline after detecting unauthorized activity, linked to the same threat actor behind a prior data breach.
– Stolen data included user names, emails, student IDs, and messages, but not passwords or financial information.
– Ransomware group ShinyHunters claimed responsibility, stating it accessed data from 275 million people across 8,800 schools.
– The outage forced schools like the University of Illinois and UMass Dartmouth to postpone or reschedule exams.
A wave of disruption swept across U.S. schools and colleges on Thursday as a cyberattack on the Canvas online learning platform struck just as students were preparing for final exams, causing widespread chaos.
Canvas’s parent company, Instructure, confirmed Friday morning that the platform had been restored. The company stated it took Canvas offline on Thursday after detecting unauthorized activity within its network. The attacker was the same group responsible for a data breach Instructure had disclosed a week earlier. The compromised data includes user names, email addresses, student ID numbers, and messages exchanged on the platform. Instructure emphasized that there is no evidence that passwords, dates of birth, government identifiers, or financial information were accessed.
Schools and colleges scrambled to respond. A ransomware group calling itself ShinyHunters claimed responsibility for the breach on its dark web site, alleging it stole data from 275 million people associated with 8,800 schools.
As students attempted to access Canvas for final exams Thursday, login pages displayed a ransom demand. The message claimed Instructure had ignored the group’s earlier demands and encouraged individual schools to negotiate directly. The outage sent institutions into emergency mode. The University of Illinois postponed all final exams and assignments scheduled for Friday, Saturday, and Sunday. The University of Massachusetts Dartmouth rescheduled or extended due dates for exams. The University of California system directed all its campuses to take protective steps.
Canvas is not the only learning platform to suffer a cyberattack. Last year, PowerSchool, which provides cloud-based software to 60 million students across 16,000 K–12 schools worldwide, disclosed a breach that exposed years of sensitive data, including names, addresses, and disciplinary records.
ShinyHunters has operated for years as a loose collective. In 2024, it stole a trove of credentials and other data from cloud storage provider Snowflake and used it in follow-on breaches of Snowflake customers, including TicketMaster.
(Source: Ars Technica)
