A widely utilized educational system, relied upon by thousands of schools and universities, was restored on Friday after a cyberattack left students in turmoil just as they were preparing for final exams.
The cybercriminal group known as ShinyHunters has claimed responsibility for the breach of Canvas, as reported by Luke Connolly, a threat analyst at Emisoft, a cybersecurity firm. Instructure, the company responsible for Canvas, assured users in a late Thursday update that the system was largely operational once again.
Canvas plays a crucial role in managing grades, distributing course materials, and hosting lecture videos. According to Connolly, the hacking group revealed online that nearly 9,000 educational institutions worldwide were impacted, with billions of private messages and other records compromised.
Connolly provided screenshots indicating that the hackers began threatening to release the data cache on Sunday. By Friday, Instructure and Canvas were no longer featured on a dark web leak site where the ransomware group had intended to publish the stolen information.
The system outage on Thursday struck at a critical moment, prompting a flurry of concern on social media as students expressed fear and frustration over losing access to essential study materials for their finals.
Educators scrambled to devise alternative solutions to assist students in preparing for exams and submitting final assignments. In response to the disruption, some institutions, such as the University of Texas at San Antonio, opted to postpone exams scheduled for Friday.
Schools like Princeton University turned to X late Thursday to announce “Canvas appears to be available again” and that information technology staff was monitoring the situation.
Rich in digitized data, the nation’s schools are prime targets for far-flung criminal hackers, who are assiduously locating and scooping up sensitive files that not long ago were committed to paper in locked cabinets. Past attacks have hit Minneapolis Public Schools and the Los Angeles Unified School District.
Instructure has not posted about the attack on its social media. The company didn’t immediately respond to emails from The Associated Press asking whether it paid a ransom and inquiring about what happened with the compromised data.
Connolly said the Canvas attack is strikingly similar to a breach at PowerSchool, which also offers learning management tools. In that case a Massachusetts college student was charged.
Connolly described ShinyHunters as a loose affiliation of teenagers and young adults based in the U.S. and the United Kingdom. The group also has been tied to other attacks, including one aimed at Live Nation’s Ticketmaster subsidiary.
___
The Associated Press’ education coverage receives financial support from multiple private foundations. AP is solely responsible for all content. Find AP’s standards for working with philanthropies, a list of supporters and funded coverage areas at AP.org.
