Canvas system used by thousands of schools is back online after a cyberattack disrupted studies

Canvas, a learning management system used by nearly 9,000 schools and universities worldwide, resumed full operations Friday after a cyberattack disrupted services Thursday. The hacking group ShinyHunters claimed responsibility, according to threat analyst Luke Connolly from Emisoft, and threatened to leak billions of private messages and records accessed during the breach. Instructure, the company behind Canvas, confirmed in a late-Thursday update that the system was restored for most users. The attack occurred as students prepared for final exams, forcing many to rely on alternative methods to access course materials. Some institutions, including the University of Texas at San Antonio, delayed Friday finals due to the outage, while others like Princeton University announced the system was back online. ShinyHunters posted screenshots online indicating they had compromised data from nearly 9,000 schools. By Friday, the group removed Canvas and Instructure from a dedicated dark web leak site, suggesting a resolution—though it remains unclear whether a ransom was paid. Instructure did not respond to requests for comment on the attack’s details or data security measures. The incident mirrors a 2023 breach of PowerSchool, another education platform, where a Massachusetts college student was charged. Connolly described ShinyHunters as a loosely organized group of U.S. and U.K.-based teenagers and young adults, also linked to attacks on Ticketmaster’s Live Nation subsidiary. Schools across the U.S. and globally have become prime targets for cybercriminals, with sensitive digital records replacing physical files once stored securely. Past victims include Minneapolis Public Schools and the Los Angeles Unified School District, highlighting the growing threat to educational institutions.