Canvas hack: What we know about the apparent cyberattack impacting thousands of schools

Key Points:

• A cyberattack by the hacking group ShinyHunters shut down Canvas, a widely used education platform with over 30 million users, disrupting access to classroom materials for universities and K-12 schools across the US during final exam preparation.
• The attackers posted ransom notes on affected institutions' Canvas homepages, demanding payment to prevent data leaks, claiming to have breached Instructure, Canvas’ parent company, and accessed data from millions of users.
• The attack affected major universities including Columbia, Princeton, Harvard, and Georgetown, as well as numerous school districts nationwide, leading some schools to extend deadlines and reschedule exams.
• ShinyHunters is linked to multiple high-profile data breaches and extortion operations, using sophisticated phishing tactics to steal data from cloud platforms, with US authorities having prosecuted members of the group.
• Students and faculty expressed anxiety and disruption due to the outage, highlighting Canvas's critical role in academic communication and resource access, with some professors scrambling to find alternative ways to distribute materials.