SouthernWorldwide.com – A significant cyberattack has disrupted the Canvas learning platform, impacting thousands of schools and universities across the United States. The outage began on Thursday, causing widespread disruption as students attempted to prepare for final exams and highlighting the critical reliance of educational institutions on digital infrastructure.
The hacking group known as ShinyHunters has claimed responsibility for the breach targeting Instructure, the company that developed the Canvas learning management system. This information was provided by Luke Connolly, a threat analyst at the cybersecurity firm Emisoft.
CBS News has reached out to Instructure for an official statement regarding the incident.
Several prominent universities have reported being affected by the attack. Among these are Penn State, the University of Wisconsin-Madison, Columbia University, and Union College in New Jersey.
The University of California, Los Angeles (UCLA) was also severely affected, alongside numerous other California schools that experienced crippling outages due to the widespread disruption.
In the Chicago area, the impact was felt by Northwestern University, the University of Chicago, the University of Illinois Chicago, and the University of Illinois. These institutions also struggled with the Canvas platform being offline.
Penn State communicated to its students that access to Canvas was completely unavailable. The university indicated that a resolution was not anticipated within the following 24 hours.
Consequently, all tests scheduled for Thursday and Friday at Penn State’s Pollock Testing Center were canceled due to the system’s unavailability.
Read more: Mississippi tornadoes destroy homes, leaving residents displaced
The student newspaper at Harvard University also reported that the Canvas system was down on their campus. Public school districts have also been working to reassure parents. Officials in Spokane, Washington, stated they were not aware of any sensitive data being compromised in the breach.
Canvas serves as a crucial tool for managing various academic functions, including grades, course materials, assignments, and lecture videos. Connolly reported that the hacking group claimed to have affected nearly 9,000 schools globally, with access gained to billions of private messages and other records.
Screenshots shared by Connolly indicated that the hacking group began issuing threats on Sunday to release the accessed data. They provided deadlines of Thursday and May 12. Connolly suggested that the later date implies ongoing discussions related to potential extortion payments.
Educational institutions, rich in digitized data, are increasingly becoming prime targets for sophisticated cybercriminal groups. These hackers actively seek and exfiltrate sensitive files that were once stored physically in secure cabinets. Previous attacks have notably impacted Minneapolis Public Schools and the Los Angeles Unified School District.
As of the latest reports, Instructure has not released any official statements about the attack on its social media channels.
Connolly drew a parallel between the Canvas attack and a previous breach involving PowerSchool, another provider of learning management tools. In the PowerSchool incident, a college student from Massachusetts was apprehended and charged.
Connolly described ShinyHunters as a loosely organized group consisting of teenagers and young adults primarily based in the United States and the United Kingdom. This group has also been linked to other cyber incidents, including an attack targeting Ticketmaster, a subsidiary of Live Nation.
