Cyberattack hits Canvas system used by thousands of schools — including FIU and USF — as finals loom
The Canvas learning management system, used by nearly 9,000 schools globally including Florida International University (FIU) and the University of South Florida (USF), was hit by a cyberattack on May 9, disrupting access to grades, course materials, and assignments for students ahead of final exams. The hacking group ShinyHunters claimed responsibility, threatening to leak billions of private messages and records unless demands are met, with potential extortion discussions ongoing until May 12.
A cyberattack on Canvas, a learning management system used by nearly 9,000 schools worldwide, left thousands of students unable to access grades, assignments, and course materials on May 9 as finals approached. The hacking group ShinyHunters claimed responsibility, stating they accessed billions of private messages and records, and threatened to leak the data unless demands were met. The group set deadlines of May 9 and May 12, suggesting ongoing negotiations over potential extortion payments. Canvas is widely used by schools and universities to manage grades, assignments, lecture videos, and other academic materials. Affected institutions include Florida International University (FIU), the University of South Florida (USF), Virginia Tech, the University of New Mexico, and the University of Florida, among others. Some schools, like the University of Texas at San Antonio, postponed finals scheduled for May 10 due to the outage. The attack disrupted end-of-semester activities, with students and faculty scrambling for alternative solutions to access critical materials. The University of Iowa’s College of Public Health described the incident as a national-level cybersecurity threat, while Virginia Tech and other institutions urged students to remain vigilant against phishing scams linked to the breach. ShinyHunters, a loose affiliation of teenagers and young adults based in the U.S. and the United Kingdom, has been tied to previous attacks, including one on Live Nation’s Ticketmaster subsidiary. The group’s tactics mirror a 2024 breach of PowerSchool, another learning management system, which led to a Massachusetts college student being charged in connection with the incident. Instructure, the company behind Canvas, did not immediately respond to requests for comment on whether the system was taken offline as a precaution or due to the attack. Schools like Harvard and Johns Hopkins also reported disruptions, with students unable to view final grades or access course materials. Spokane, Washington, school officials stated they were unaware of any sensitive data being compromised in the breach.
This content was automatically generated and/or translated by AI. It may contain inaccuracies. Please refer to the original sources for verification.