Canvas back online for most after data breach; Columbia University among schools impacted

Canvas, a widely used learning platform for colleges, resumed operations after a cybersecurity incident disrupted services on May 2. The breach, attributed to the hacker group ShinyHunters, impacted nearly 9,000 schools globally, including Columbia University, Rutgers, and Princeton. Personal data such as names, email addresses, phone numbers, student ID numbers, and internal messages may have been exposed, according to cybersecurity expert Rachel Tobac. Columbia University confirmed the outage affected its students, forcing the postponement of assignments and exams due Friday. Students reported reliance on Canvas for study materials, with senior Zion James and sophomore Jerry Yan highlighting disruptions to exam preparation. The university stated it was actively investigating the issue. Tobac warned that stolen data could enable targeted phishing attacks, such as fake messages impersonating professors. She advised keeping software updated and avoiding password reuse to mitigate risks. Canvas’ parent company, Infrastructure, described the incident as a criminal threat actor breach. The breach underscored vulnerabilities in online education tools, which Tobac noted are frequent hacking targets. While students expressed frustration, many still preferred digital access over physical textbooks. Columbia’s announcement of postponed deadlines reflected the platform’s critical role in academic workflows.