Cybercrime group crashes Penn’s Canvas system, demands ransom to prevent data release
The Daily Pennsylvanian • • general
Key Points:
- On May 7, the cybercrime group ShinyHunters shut down Penn’s access to the Canvas interface following a data breach of Instructure, the company managing Canvas, which the group claimed responsibility for last week.
- ShinyHunters warned universities to contact them before May 12 to avoid having their data released, threatening to leak all stolen information by the end of that day if no settlement is reached.
- Penn is actively investigating the breach and collaborating with Instructure to restore Canvas access, noting the issue affects multiple institutions, including all eight Ivy League universities.
- The breach reportedly compromised data of hundreds of millions of users, including 306,000 Penn affiliates, with stolen information such as emails, names, Penn ID numbers, and course enrollments confirmed by a sample shared by the hackers.
- ShinyHunters previously targeted Penn in fall 2025, releasing thousands of internal files and sending mass spam emails from University-affiliated addresses, highlighting ongoing security vulnerabilities.
