Canvas cyberattack hits schools across nation, including NC public schools

A cyberattack on Canvas, a cloud-based education platform used by over 8,000 institutions and 30 million users worldwide, disrupted services on May 7, just before finals for many schools. The hacking group ShinyHunters took responsibility, stating they accessed data from over 275 million individuals across nearly 9,000 schools globally. Major universities, including Duke, Columbia, Princeton, Harvard, and Georgetown, reported ransom notes on their Canvas homepages, while North Carolina public school systems like Charlotte-Mecklenburg, Catawba County, and Wake County were also affected. The state’s Department of Public Instruction blocked Canvas access for affected schools after the breach was discovered. Instructure, the parent company of Canvas, confirmed the platform was temporarily unavailable for hours due to maintenance and an investigation into login difficulties. By late May 7, Instructure announced Canvas was restored for most users, though some issues with Student ePortfolios persisted. The hacking group ShinyHunters has a history of targeting global corporations, including stealing nearly 80 million business records from video game developer Rockstar Games in April. The disruption occurred as schools were wrapping up the semester, leaving students unable to access grades or class materials. The attack highlights growing cybersecurity risks in education, where digital platforms are critical for daily operations. ShinyHunters’ claim of accessing vast amounts of personal data raises concerns about privacy and the potential for further misuse of the stolen information.