Canvas Outage Hits Students Ahead of Finals after Cyberattack Claims

Instructure’s online learning platform Canvas suffered a cybersecurity incident on May 2, disrupting access for students at major US universities including Columbia, Rutgers, and Princeton just days before final exams. The outage left students unable to access lecture slides, assignments, and coursework, forcing Columbia to postpone exams and assignments scheduled for May 3. The attack was claimed by the hacking group ShinyHunters, which alleged nearly 9,000 schools worldwide were affected. Cybersecurity expert Rachel Tobac warned that exposed data—such as names, email addresses, phone numbers, student IDs, and internal messages—could enable highly targeted phishing scams, including fake emails mimicking professors. Columbia University acknowledged the issue on social media, stating it was investigating the disruption while postponing deadlines due to the outage. Students expressed frustration, as most course materials are stored exclusively online, complicating exam preparation. While passwords were not compromised, Tobac cautioned that attackers could craft convincing phishing messages using leaked details about classes and communications. The incident underscores rising cybersecurity risks for universities and digital education platforms, which hold vast amounts of personal and institutional data. Canvas services began restoring access gradually, though universities continue monitoring the breach’s full scope. Despite the disruption, many students still prefer digital learning tools for their convenience, though the incident has heightened concerns about data security in academic settings.