Chaos erupted at schools and colleges throughout the US on Thursday as a cyberattack disrupted online learning platform Canvas just as students were due to take final exams.
Canvas parent company Instructure said that as of Friday morning, the platform was back online. Instructure said it temporarily took Canvas offline on Thursday after identifying unauthorized activity in its network. The threat actor was the same one responsible for a data breach that Instructure disclosed a week ago. Data accessed included user names, email addresses, student ID numbers, and messages exchanged on the platform. The company said it has no indication that passwords, dates of birth, government identifiers, or financial information were involved.
Schools and colleges scramble
A ransomware group known as ShinyHunters claimed responsibility for the breach on its dark web site. It claimed the data it took came from 275 million people associated with 8,800 schools.
As students were trying to prepare for and take final exams Thursday, Canvas login pages displayed a ransom demand. It said Instructure had rebuffed the group’s earlier demands and encouraged individual schools to negotiate directly with them. The note and the outage sent schools and colleges scrambling. The University of Illinois reportedly postponed all final exams and assignments scheduled for Friday, Saturday, and Sunday. The University of Massachusetts Dartmouth rescheduled or extended due dates for exams. The University of California system directed all its campuses to linkword.
Canvas isn’t the only learning platform to be struck by a cyberattack. Last year, PowerSchool, a firm that provides cloud-based software to 60 million students from 16,000 K–12 schools worldwide, disclosed a breach that exposed years’ worth of sensitive data, including names, addresses, and disciplinary records.
ShinyHunters has operated for years as a loose collective. In 2024, it made off with a trove of credentials and other data from cloud storage provider Snowflake and used it in follow-on breaches of Snowflake customers, including TicketMaster.
