Exams canceled at Boise State amid alleged Canvas cyber attack

Boise State University canceled all final exams, including in-person tests, following a cyber attack on Canvas, an instructional platform widely used by schools across the U.S. The shutdown occurred during finals week, with a university email sent at 10 p.m. on Thursday confirming the exams would not be rescheduled. Christian Wuthrich, Boise State’s Dean of Students, stated in the email that the university was actively working on contingency plans but had no confirmed timeline for restoring access. The outage stems from a data breach confirmed by Instructure, Canvas’s parent company, two days before the shutdown. The hacking group ShinyHunters claimed responsibility, defacing login pages for some schools and threatening to release sensitive data by Tuesday unless a settlement is negotiated. Earlier reports indicated that hackers did not initially access sensitive information like passwords, dates of birth, or financial details. Boise State is not alone in relying on Canvas, as the platform is used by most Idaho colleges and universities, including the College of Western Idaho and the University of Idaho, as well as some K-12 districts. The attack follows a rise in ransomware incidents targeting schools, with 80% of surveyed schools reporting such attacks in 2022. Hackers often exploit schools’ willingness to pay ransoms, according to research by The 74, a national education news outlet. The breach highlights broader cybersecurity challenges in education, where attacks are often handled discreetly to avoid public scrutiny. Specialized lawyers and crisis communication teams are frequently involved, delaying notifications to affected individuals by months or even years. Schools facing such attacks often operate under secrecy, shielding details from public view to manage reputational risks. Instructure has yet to provide a clear timeline for restoring Canvas, leaving students and educators uncertain about when normal operations will resume. The situation underscores the growing vulnerability of educational institutions to cyber threats, particularly as digital learning tools become more central to academic life.