Thousands of educational institutions faced major disruptions Thursday when hackers targeted Canvas, a widely-used learning management platform, just as students nationwide were preparing for final examinations.
According to Luke Connolly, a cybersecurity analyst with Emisoft, the hacking collective known as ShinyHunters has taken credit for infiltrating Instructure, the company that operates Canvas. The platform serves as a digital hub where students access coursework, grades, assignments, and lecture materials.
The cybercriminals claim their breach affected approximately 9,000 educational institutions globally and compromised billions of private communications and academic records, Connolly reported. Screenshots obtained by security experts reveal the hackers began making threats on Sunday to release stolen information, setting initial deadlines for Thursday and May 12.
Connolly noted that the extended timeline suggests possible ongoing negotiations over ransom demands. Instructure has not yet responded to media inquiries or clarified whether Canvas was shut down preventively or due to the attack itself.
Educational institutions have become increasingly attractive targets for international cybercriminals seeking valuable digital information that was once stored in physical filing systems. Previous high-profile attacks have targeted major school systems including Minneapolis Public Schools and Los Angeles Unified School District.
The Canvas incident bears striking resemblance to an earlier attack on PowerSchool, another educational technology provider, which resulted in criminal charges against a Massachusetts college student, according to Connolly.
ShinyHunters operates as a loosely organized network of young hackers primarily based in the United States and United Kingdom, Connolly explained. The group has previously been linked to other major breaches, including an attack on Ticketmaster, which is owned by Live Nation.
Affected schools moved quickly to inform their communities about the disruption. The University of Iowa’s information technology director described the situation as “a national-level cyber-security incident” while expressing hope for a swift resolution.
Virginia Tech issued a statement acknowledging the impact on final examinations and other critical end-of-semester activities. “Additional guidance will be shared soon via email and posted on the university status page,” administrators wrote.
Harvard University also experienced system outages, according to reports from the student newspaper. Meanwhile, public school districts worked to reassure families, with Spokane, Washington officials stating they were not “aware of any sensitive data contained in this breach.”
The timing of the attack has created particular challenges for students and faculty who depend heavily on digital platforms for academic activities during the crucial final exam period.
