Canvas System Recovers from Cyberattack Amid Student Exam Panic
A widely used educational platform, Canvas, returned to operation on Friday after experiencing downtime triggered by a cyberattack that caused significant disruption for students preparing for final exams.
The hacking group ShinyHunters has claimed responsibility for this breach, according to Luke Connolly, a threat analyst from Emisoft, a cybersecurity firm. Instructure, which manages the Canvas system, announced late Thursday that most users should now have access again.
Canvas serves various educational functions, including managing grades, course materials, assignments, and lectures. Connolly noted that the hacking group indicated that nearly 9,000 educational institutions worldwide were affected, with a massive amount of private data accessed.
Screenshots shared by Connolly reveal that the group initiated threats on Sunday to leak the stolen data. By Friday, both Instructure and Canvas had been taken off a leak site established by the ransomware group on the dark web.
The system outage occurred at an unfortunate time for students, leading many to express their concerns on social media about the inability to access vital study resources. Teachers found themselves scrambling for alternative methods to help students prepare for exams and submit final assignments. Notably, the University of Texas at San Antonio postponed finals scheduled for that Friday due to the situation.
In response to the outages, institutions like Princeton University took to X late Thursday to reassure students that “Canvas appears to be available again” while IT staff continued to monitor the issue.
With schools rich in digital data, they are increasingly becoming attractive targets for hackers who seek sensitive information that was once securely stored in physical locations. Previous attacks have included incidents affecting Minneapolis Public Schools and the Los Angeles Unified School District.
Instructure has yet to make any social media posts regarding the attack. The company has not responded to inquiries about whether a ransom was paid or what was done with the compromised data.
Connolly noted that the Canvas incident bears resemblance to a past breach involving PowerSchool, another provider of educational management tools, for which a Massachusetts college student was charged.
He described ShinyHunters as a loose collection of young individuals, primarily based in the U.S. and the U.K., who have been associated with other attacks, including an incident that targeted the Ticketmaster subsidiary of Live Nation.
