Canvas hacked: USyd students among 275 million users impacted by data breach, learning platform inaccessible
The Canvas learning management system, used by the University of Sydney and 9,000 global institutions, suffered a global cybersecurity breach on May 2, exposing 3.65 terabytes of data from 275 million users. The hacker group ShinyHunters demanded a ransom, while Instructure confirmed the breach included identifying information like names, emails, and student IDs, though no passwords or financial data were compromised." "article": "The Canvas learning management system (LMS), developed by Instructure, experienced a global cybersecurity breach on May 2, affecting around 9,000 institutions worldwide. The hacker group ShinyHunters claimed responsibility, stating they accessed 3.65 terabytes of personal data from 275 million Canvas users and threatened to release it unless a ransom was paid. The breach caused a global outage, leaving University of Sydney (USyd) students unable to access Canvas since 6:00 am AEST on May 7. USyd confirmed the outage in a statement, noting the platform was placed in maintenance mode by Instructure while investigations took place. Students were advised not to attempt logins until further notice and assured no penalties would apply for missed assessments due to the outage. Instructure’s chief information security officer, Steve Proud, confirmed the breach exposed identifying information such as names, email addresses, and student IDs, but stated no passwords, dates of birth, government identifiers, or financial data were compromised. The company claimed the incident was contained by May 7. However, ShinyHunters disputed this, alleging access to additional sensitive data. USyd warned students to avoid phishing attempts and scams related to the breach, directing them to university resources for identifying suspicious activity. The university also extended support through Student Wellbeing services and legal aid via the Student Representative Council (SRC) and SUPRA for affected students. President of the SRC, Grace Street, expressed frustration, citing this as the second major breach in months, including a December 2025 incident affecting 22,500 staff and 5,000 alumni. Instructure’s status page indicated the platform was under maintenance, with updates promised as soon as possible. The outage disrupted critical academic functions, including assessment submissions and course content access, at a pivotal time in the semester.
The Canvas learning management system (LMS), developed by Instructure, experienced a global cybersecurity breach on May 2, affecting around 9,000 institutions worldwide. The hacker group ShinyHunters claimed responsibility, stating they accessed 3.65 terabytes of personal data from 275 million Canvas users and threatened to release it unless a ransom was paid. The breach caused a global outage, leaving University of Sydney (USyd) students unable to access Canvas since 6:00 am AEST on May 7. USyd confirmed the outage in a statement, noting the platform was placed in maintenance mode by Instructure while investigations took place. Students were advised not to attempt logins until further notice and assured no penalties would apply for missed assessments due to the outage. Instructure’s chief information security officer, Steve Proud, confirmed the breach exposed identifying information such as names, email addresses, and student IDs, but stated no passwords, dates of birth, government identifiers, or financial data were compromised. The company claimed the incident was contained by May 7. However, ShinyHunters disputed this, alleging access to additional sensitive data. USyd warned students to avoid phishing attempts and scams related to the breach, directing them to university resources for identifying suspicious activity. The university also extended support through Student Wellbeing services and legal aid via the Student Representative Council (SRC) and SUPRA for affected students. President of the SRC, Grace Street, expressed frustration, citing this as the second major breach in months, including a December 2025 incident affecting 22,500 staff and 5,000 alumni. Instructure’s status page indicated the platform was under maintenance, with updates promised as soon as possible. The outage disrupted critical academic functions, including assessment submissions and course content access, at a pivotal time in the semester.
This content was automatically generated and/or translated by AI. It may contain inaccuracies. Please refer to the original sources for verification.