Iran war and inflation
A hacker group called ShinyHunters disrupted Canvas, an academic software platform used by over 1 million California university students, starting April 29, threatening to release sensitive data unless paid. The University of California blocked access until security was confirmed, while Instructure, the company behind Canvas, later claimed no ransom was paid and core learning data remained uncompromised, though messages and other information were accessed during the breach.
A hacker group known as ShinyHunters took down Canvas, an academic software platform critical to California’s universities, beginning on or around April 29. The attack exploited a vulnerability in Canvas’s free tool for teachers, leading to a full system outage on May 7 that disrupted access for over 1 million students across the University of California (UC) and California State University (Cal State) systems. UC Riverside students like Esther Mejia and Kelly Merchant lost access to assignments, tests, and communication tools, with only limited professor outreach to address the crisis. Merchant learned of the hack through Reddit after being logged out mid-assignment, highlighting the platform’s central role in modern education. The hackers claimed to have obtained billions of messages and other sensitive data, threatening to release it unless paid a ransom. By Monday, May 11, Instructure, the company behind Canvas, stated in an email to UC that it had reached an agreement with the hackers to return all data, ensuring it was no longer held by the attackers. The company’s CEO confirmed no Instructure customers would face extortion but did not confirm whether a ransom was paid. Cal State reported a brief shutdown on May 4, resolving within 30 minutes, while UC blocked Canvas access until security was assured, stating on its website that restoration would only occur when confident in the system’s safety. Instructure’s CEO later clarified that core learning data—such as course content, submissions, and credentials—was not compromised, though the hackers accessed other information. Cal State also confirmed Canvas does not store Social Security numbers. The incident has raised concerns about how universities vet online platforms, potential liability for breaches, and the need for stronger student data protections. A class-action lawsuit filed in Texas federal court alleges the attack began when Instructure detected unusual activity on April 29, though no legal resolution has been reached. Merchant noted that one professor shared assignment materials via a Discord group created earlier in the term, but not all instructors took similar steps. The disruption occurred during midterms and finals, exacerbating stress for students who relied on Canvas for coursework and communication. The incident underscores vulnerabilities in centralized edtech platforms and the urgent need for better cybersecurity measures in higher education.
This content was automatically generated and/or translated by AI. It may contain inaccuracies. Please refer to the original sources for verification.