Outage from Canvas data breach affects some South Florida schools

Canvas, a widely used online learning platform, experienced a major outage on May 7 after a cyberattack disrupted services for South Florida schools and universities. The hacking group ShinyHunters claimed responsibility, stating nearly 9,000 schools worldwide were affected and that data for 275 million individuals—including students, teachers, and staff—was stolen. The group demanded a ransom payment from Instructure, Canvas’s operator, by May 12 or threatened to leak the data. Instructure reported that Canvas was fully restored by May 8, though some institutions remained impacted. The company confirmed that accessed data included names, email addresses, student IDs, and internal messages but found no evidence of compromised passwords, birthdates, government IDs, or financial information. Affected organizations were advised to follow their own IT security protocols and avoid suspicious communications. Broward County Public Schools temporarily blocked Canvas districtwide on May 7 to prevent further risks, warning users against accessing the platform from personal devices or clicking suspicious links. Florida International University (FIU) also disabled Canvas access due to the incident, urging users to remain vigilant against phishing attempts. FIU’s cybersecurity team is coordinating with Instructure to assess the situation, with updates expected as details emerge. While Miami Dade College and the University of Miami have not confirmed their status, both institutions previously used Canvas for remote learning and course management. The attack highlights ongoing cybersecurity challenges in education, with ShinyHunters exploiting vulnerabilities in widely adopted digital platforms.