Chaos erupted at schools and colleges throughout the US on Thursday as a cyberattack disrupted online learning platform Canvas just as students were because of take final exams.
Canvas parent company Instructure said that as of Friday morning, the platform was back online. Instructure said it temporarily took Canvas offline on Thursday after identifying unauthorized activity in its network. The threat actor was the identical one liable for an information breach that Instructure disclosed every week ago. Data accessed included user names, email addresses, student ID numbers, and messages exchanged on the platform. The corporate said it has no indication that passwords, dates of birth, government identifiers, or financial information were involved.
Schools and colleges scramble
A ransomware group generally known as ShinyHunters claimed responsibility for the breach on its dark website. It claimed the info it took got here from 275 million people related to 8,800 schools.
As students were trying to organize for and take final exams Thursday, Canvas login pages displayed a ransom demand. It said Instructure had rebuffed the group’s earlier demands and encouraged individual schools to barter directly with them. The note and the outage sent schools and colleges scrambling. The University of Illinois reportedly postponed all final exams and assignments scheduled for Friday, Saturday, and Sunday. The University of Massachusetts Dartmouth rescheduled or prolonged due dates for exams. The University of California system directed all its campuses to linkword.
Canvas isn’t the one learning platform to be struck by a cyberattack. Last 12 months, PowerSchool, a firm that gives cloud-based software to 60 million students from 16,000 K–12 schools worldwide, disclosed a breach that exposed years’ value of sensitive data, including names, addresses, and disciplinary records.
ShinyHunters has operated for years as a loose collective. In 2024, it made off with a trove of credentials and other data from cloud storage provider Snowflake and used it in follow-on breaches of Snowflake customers, including TicketMaster.