Canvas system is online after a cyberattack disrupted thousands of schools

A cyberattack on Canvas, an online learning platform used by tens of thousands of schools globally, knocked the system offline late Thursday, disrupting final exams and coursework for students worldwide. The outage forced schools to reschedule deadlines and exams, including at the University of Maryland and the University of Texas at San Antonio, as faculty scrambled to find alternative solutions. Instructure, the company behind Canvas, confirmed the attack involved unauthorized changes to user pages and temporarily shut down Free-For-Teacher accounts. The company did not disclose whether a ransom was paid or if compromised data was accessed, though a hacking group called ShinyHunters claimed responsibility. The group reportedly accessed billions of private messages and records from nearly 9,000 schools. Students like Elizabeth Polo, a junior at the University of Maryland, reported chaos as the platform displayed a message from the hackers demanding direct negotiations. Canvas later removed the message, replacing it with a notice about scheduled maintenance. Polo expressed concern over potential data breaches after the system briefly returned online. The attack’s timing, coinciding with final exams, was deliberate, according to cybersecurity experts. Huseyin Can Yuceel, a security researcher at Picus Labs, stated hackers often target schools during high-stress periods to maximize extortion opportunities. Schools such as the University of Texas Permian Basin delayed grade submissions, while others extended deadlines to mitigate disruptions. The incident highlights the growing vulnerability of educational institutions to cyber threats, following past attacks on systems like those in Minneapolis and Los Angeles. Experts warn that digitized school records make them prime targets for hackers seeking sensitive data.