There was chaos in schools and colleges across the US on Thursday when a cyber attack disrupted online learning platform Canvas just as students were set to take final exams.
Instructure, Canvas’s parent company, said that by Friday morning, the platform was back online. Instructor said it took Canvas temporarily offline on Thursday after identifying unauthorized activity on its network. The person making the threat was the same person responsible for the data breach that Instructor had disclosed a week earlier. The data accessed included usernames, email addresses, student ID numbers and messages exchanged on the platform. The company said there was no indication that passwords, dates of birth, government identifiers or financial information were involved.
There is fighting in schools and colleges
A ransomware group called ShinyHunters claimed responsibility for the breach on its dark web site. It claimed that the data it took came from 275 million people associated with 8,800 schools.
While students were trying to prepare and take final exams on Thursday, a ransom demand appeared on the Canvas login page. It said instructors had rejected the group’s previous demands and encouraged individual schools to negotiate directly with them. Notes and cuts irked schools and colleges. The University of Illinois has reportedly postponed all final exams and assignments scheduled for Friday, Saturday and Sunday. The University of Massachusetts Dartmouth has rescheduled or extended the due dates of examinations. The University of California system directs all of its campuses to Linkward.
Canvas is not the only learning platform to fall victim to cyberattacks. Last year, PowerSchool, a firm that provides cloud-based software to 60 million students in 16,000 K-12 schools worldwide, disclosed a breach that exposed years of sensitive data, including names, addresses and disciplinary records.
ShinyHunters has been operating as a loose group for years. In 2024, it harvested a trove of credentials and other data from cloud storage provider Snowflake and used it in follow-on breaches of Snowflake customers, including Ticketmaster.
<a href