Canvas system used by thousands of schools is online after a cyberattack

Key Points:

• A cyberattack on the Canvas online learning platform disrupted access for tens of thousands of students worldwide during final exam preparations, causing widespread panic and forcing schools to reschedule exams and extend deadlines.
• The hacking group ShinyHunters claimed responsibility, stating nearly 9,000 schools were affected and threatening to leak data unless settlements were negotiated; Instructure, Canvas’s parent company, took the platform offline to investigate and temporarily disabled Free-For-Teacher accounts.
• The attack exploited vulnerabilities in Canvas’s system, highlighting the risks associated with schools’ heavy reliance on a limited number of digital service providers for critical educational operations.
• Faculty members faced challenges in grading and managing coursework without access to the platform, with some professors opting to give full credit if data could not be recovered, while students expressed concerns about personal data security.
• Cybersecurity experts noted the timing of the attack was intentional to maximize disruption and potential extortion, and investigations were ongoing with no confirmed ransom payments reported at the time.