Cybersecurity breach impacting University of Minnesota, colleges across the country

A cybersecurity breach has taken down Canvas, a learning management system used by the University of Minnesota, University of Wisconsin, and nearly 9,000 schools worldwide. The hacking group Shinyhunters claimed responsibility, stating affected institutions should contact them privately to negotiate a settlement. The breach has left students and faculty unable to access grades, assignments, and course materials, particularly during final exams and grading periods. The University of Minnesota confirmed the breach after being notified by Instructure, Canvas’s parent company. A spokesperson stated that the university is working with the vendor to restore access while protecting sensitive information. Similarly, the University of Wisconsin reported an outage around 3 p.m. and advised students to ignore any suspicious prompts from Canvas, such as login requests or password resets. The attack highlights the risks of centralized systems in education, as hackers can exploit widespread use to maximize impact. Adam Marre, chief information security officer at Arctic Wolf, warned that attackers may use stolen data—including emails, names, and messages—in future phishing schemes, even months after the breach. He urged users to verify links, avoid urgent prompts, and enable multifactor authentication to prevent exploitation. Luke Connolly, a threat analyst at Emisoft, noted that billions of private messages and records were accessed in the attack. Schools, rich in digitized data, remain prime targets for cybercriminals seeking sensitive information previously stored in physical records. The disruption has forced universities to provide flexibility to students while investigating the breach’s full extent.