Canvas cybersecurity breach impacts thousands of colleges, universities as finals loom

A cybersecurity breach on Canvas, a digital classroom platform used by over 8,000 colleges and universities nationwide, has left students and faculty scrambling as finals week approaches. The attack forced institutions like the University of Incarnate Word (UIW), the University of Texas at San Antonio (UTSA), and the Alamo Colleges District to reschedule assignments and exams due on or before May 10. Hackers affiliated with the group ShinyHunters claimed responsibility, posting ransom notes on affected school sites demanding payment to prevent further data leaks. Instructure, the company behind Canvas, confirmed the platform was in 'maintenance mode' late Thursday and is investigating the breach. The company has not provided a timeline for resolution, leaving universities to manage disruptions independently. UIW extended deadlines for impacted finals and grade submissions, while UTSA rescheduled assignments and exams. Despite the chaos, commencement ceremonies scheduled for May 11 at UIW and UTSA will proceed as planned. The breach has exposed vulnerabilities in digital education infrastructure, raising concerns about data security and academic continuity during critical periods. Canvas serves as a central hub for grades, assignments, lecture videos, and course notes, making its disruption particularly disruptive for students. Reports indicate the attack began affecting institutions earlier in the week, with students and faculty first noticing ransom notes on their school’s Canvas homepages. Instructure has not yet confirmed whether student or faculty data was accessed or compromised, though the presence of ransom demands suggests sensitive information may be at risk. Universities are advising affected students to contact their IT departments for updates and alternative arrangements.