Canvas system is online after a cyberattack disrupted thousands of schools

Tens of thousands of students and faculty lost access to Canvas, a widely used online learning platform, after a cyberattack knocked the system offline on Thursday evening. The disruption occurred as students prepared for final exams, forcing schools to reschedule deadlines and exams, including at the University of Texas at San Antonio and the University of Texas Permian Basin. Instructure, the company behind Canvas, confirmed the attack involved unauthorized changes to user pages and exploited vulnerabilities in Free-For-Teacher accounts, which were temporarily disabled. The hacking group ShinyHunters claimed responsibility, stating nearly 9,000 schools globally were affected, with billions of private messages and records accessed. A message displayed on affected screens urged schools to contact the group directly to negotiate settlements, threatening data leaks if ignored. Instructure later removed the message, replacing it with a notice about scheduled maintenance, though the platform remained offline for investigation. The timing of the attack—just days before final exams—amplified chaos, with professors like Gwyneth Doland at the University of New Mexico extending deadlines and others, such as Rod Uzat at the University of Texas Permian Basin, delaying grade submissions. Students like Elizabeth Polo at the University of Maryland reported panic as assignments became inaccessible, though access was partially restored by early Friday. Instructure stated it discovered unauthorized changes made by the attacker but did not confirm whether a ransom was paid or if compromised data was accessed. The incident highlights the growing risk of cyberattacks on educational institutions, which store vast amounts of sensitive digital records. Past breaches, including those affecting Minneapolis Public Schools and the Los Angeles Unified School District, underscore the vulnerability of school systems to criminal hackers seeking extortion.