A nationwide cyberattack on Canvas, a learning management system used by thousands of schools and universities across the US, caused widespread disruption on Thursday as students prepared for final exams. The outage left many unable to access course materials, assignments, and grades, prompting panic among students and faculty.
Institutions including the University of Texas at San Antonio, Virginia Tech, and the University of New Mexico notified students of the incident, with some postponing exams. The University of Iowa’s College of Public Health described it as a “national-level cyber-security incident”. Teachers reported scrambling to find workarounds for students to study and submit work.
The hacking group ShinyHunters claimed responsibility, according to Luke Connolly, a threat analyst at cybersecurity firm Emsisoft. The group posted online that nearly 9,000 schools worldwide were affected, with billions of private messages and records accessed. Screenshots indicated the group had threatened to leak the data, with deadlines of 7 and 12 May, suggesting possible extortion negotiations.
Instructure, the company behind Canvas, did not respond to requests for comment. The attack mirrors a previous breach at PowerSchool, another learning management provider. ShinyHunters, described as a loose affiliation of teenagers and young adults from the US and UK, has also been linked to attacks on Ticketmaster.
