NYC schools impacted by Canvas cyber attack

New York City public schools are facing disruptions due to a cybersecurity incident involving Canvas, a widely used learning management platform. The outage, reported by thousands of educational institutions nationwide, follows a breach disclosed by Canvas’ parent company, Instructure, which attributed the attack to a criminal threat actor. The company temporarily took the platform offline to address the issue, leaving students and educators unable to access grades, assignments, and course materials. A hacking group named ShinyHunters has claimed responsibility for the incident and threatened to release student data, though the extent of any breach remains unclear. The disruption has impacted institutions globally, including the University of Florida, which reported issues affecting over 8,000 schools and universities. In NYC, officials are investigating potential data privacy risks tied to the incident, with Schools Chancellor Kamar H. Samuels stating that the system is working with vendors, law enforcement, and NYC Cyber Command to assess the situation. Samuels confirmed two data privacy issues are under review—one affecting up to seven schools globally and another localized to a single NYC campus. The department has not specified which schools are impacted or whether student data has been compromised. Meanwhile, affected students and staff are urged to follow mandatory data privacy and security training protocols. The timeline for restoring full access to Canvas remains uncertain. At Columbia University, access to Canvas/CourseWorks was initially restored for most institutions but remains unavailable to Columbia users as the university conducts its own security review. Rutgers University, facing disruptions during a critical exam period, acknowledged that exams and coursework submissions may have been impacted. Both institutions are monitoring the situation and will provide updates as more information becomes available.