Thousands of schools and universities across the U.S. experienced widespread outages on Thursday after a cyberattack targeted Canvas, a major online learning management system operated by Instructure. The disruption affected students’ access to course materials, grades, assignments, and lectures during critical final exam periods.
The hacking group ShinyHunters claimed responsibility for the breach, according to Luke Connolly, a threat analyst at cybersecurity firm Emisoft. The attackers reportedly accessed and exfiltrated vast amounts of sensitive data, including billions of private messages and school records from nearly 9,000 affected institutions worldwide.
Several prominent universities confirmed they were impacted, including Penn State, the University of Wisconsin-Madison, Columbia University, Union College (New Jersey), UCLA, Northwestern University, the University of Chicago, the University of Illinois, and Harvard University. Public school districts such as those in Spokane, Washington, also reported disruptions but stated they were not aware of any compromised sensitive data.
Penn State notified students that they had no access to Canvas and that no resolution was expected within 24 hours. The university canceled all tests scheduled for Thursday and Friday at its Pollock Testing Center. UCLA and multiple Illinois-area universities reported similar outages hindering normal academic operations.
Instructure posted a status update late Thursday night indicating that Canvas was “now available for most users.” The company has not commented publicly on social media regarding the attack.
ShinyHunters reportedly threatened to release the stolen data if their demands were not met, setting initial deadlines for Thursday May 7 and a secondary deadline of May 12. This suggests ongoing negotiations related to extortion payments.
The group ShinyHunters is understood to be a loose affiliation of teenagers and young adults primarily based in the U.S. and the U.K. They have been linked to previous cyberattacks, including one against Ticketmaster’s parent company Live Nation. The Canvas breach bears similarity to a previous attack on PowerSchool, another educational software provider, which led to criminal charges against a college student in Massachusetts.
Why it matters
This cyberattack highlights the increasing vulnerability of educational institutions to hackers targeting digital systems that manage vast amounts of sensitive student data. The disruption during final exam periods complicates academic schedules and cuts off access to critical learning tools for millions of students nationwide. Schools now face the challenges of safeguarding data and restoring trust amid growing cybersecurity threats in the education sector.
Background
Canvas is widely used by schools and universities to manage grades, assignments, lecture videos, and communications between students and teachers. Schools have increasingly shifted to digital platforms in recent years, making cyberattacks on learning management systems a significant threat.
Previous major cyberattacks on educational institutions include breaches affecting Minneapolis Public Schools and the Los Angeles Unified School District. Such incidents have demonstrated the persistent risks of ransomware and data theft in the academic environment, with attackers often seeking hefty ransom payments to prevent data leaks or system shutdowns.
Sources
This article is based on reporting and publicly available information from the following source:
Read more US News stories on Goka World News.