Massive Cyberattack Cripples Canvas Learning Management System at Nearly 9,000 Schools
A widespread cyberattack has taken down Canvas, the popular learning management system used by thousands of schools and universities worldwide, leaving students scrambling amid final exams and critical end-of-semester deadlines.
The hacking group ShinyHunters claimed responsibility for breaching Instructure, the company behind Canvas, according to Luke Connolly, a threat analyst at cybersecurity firm Emisoft. The attack began late last week, and the system was reported offline Thursday, causing widespread disruption across campuses nationwide.
Nearly 9,000 schools around the globe were impacted, with billions of private messages, grades, assignments, and other sensitive records accessed, Connolly confirmed. The hackers have threatened to leak this data publicly unless demands are met, setting deadlines of Thursday and May 12, suggesting ongoing extortion negotiations.
Schools and Universities Grapple With Growing Chaos
The nationwide scale of the breach has prompted universities and school districts to issue urgent alerts. The University of Iowa declared it a “national-level cybersecurity incident” as their systems went offline.
“This is being reported as a national-level cyber-security incident. Hopefully we will have a resolution soon,” said the University of Iowa’s director of information technology.
Virginia Tech acknowledged the cyberattack’s direct impact on final exams and grading, promising updates via email and their status page. Even elite institutions like Harvard University reported outages affecting students’ ability to access course materials.
Public school districts, such as those in Spokane, Washington, moved quickly to reassure parents, stating they are “not aware of any sensitive data contained in this breach,” though the full scale remains unclear.
Attack Highlights Education Sector’s Vulnerability
Canvas is critical for managing grades, assignments, lecture videos, and course notes, making the attack a significant blow to education’s technological infrastructure. Analysts warn that education systems have become prime targets due to the wealth of sensitive, digitized student data they hold.
This incident closely mirrors a previous breach of PowerSchool, another education platform, where a Massachusetts college student faced charges. ShinyHunters, described by Connolly as a loose group of teenagers and young adults across the U.S. and U.K., has also been connected to hacks targeting major companies like Live Nation’s Ticketmaster.
What’s Next?
Instructure has not yet commented on the attack via social media or press channels, leaving many users uncertain about when Canvas will be restored or how data will be protected moving forward.
Authorities and cybersecurity experts continue to monitor the situation as schools and universities brace for potentially prolonged disruptions. Students, parents, and educators across California and the United States are advised to stay tuned for official updates and follow guidance from their institutions.
The incident underscores the urgent need for enhanced cybersecurity measures in the education sector as reliance on digital platforms surges.
