Cyberattack on system used by thousands of US schools disrupts final exams

A cyberattack on Canvas, a platform used by nearly 9,000 schools globally, caused widespread disruptions in US education systems on May 2. Thousands of students preparing for final exams found course materials, grades, and assignments inaccessible, leading institutions like the University of Texas at San Antonio to delay exams. The hacking group ShinyHunters took credit, warning of data leaks unless demands were met by May 12, as confirmed by cybersecurity firm Emsisoft’s threat analyst Luke Connolly. The outage affected universities such as Harvard, Johns Hopkins, Virginia Tech, the University of Iowa, and the University of New Mexico, as well as public school districts like Spokane, Washington. Schools scrambled to notify students and parents, with some urging caution against phishing attempts linked to Canvas. Teachers reported difficulties in finding alternative solutions for students to study or submit final assignments. ShinyHunters claimed access to billions of private messages and records, with screenshots provided by Connolly showing threats posted online. The group’s demands suggest ongoing negotiations over potential extortion payments. Canvas, developed by Instructure, manages grades, assignments, and lecture materials for millions of students, making it a prime target for hackers seeking sensitive data. The attack mirrors a previous breach on PowerSchool, another learning management system, where a Massachusetts college student was charged. Schools across the US have increasingly become targets for cybercriminals exploiting digital vulnerabilities. Instructure has not yet issued a public statement regarding the incident or confirmed whether the system was taken offline as a precaution or due to the attack. Students and faculty expressed frustration, with one University of Pennsylvania lecturer describing the situation as leaving academia ‘dead in the water.’ The incident underscores the growing risks of digital dependence in education, following past attacks on districts like Minneapolis and Los Angeles Unified.