Singapore universities assessing impact after global cyberattack on educational tool Canvas

Singapore’s National University of Singapore (NUS), Singapore University of Social Sciences (SUSS), and Singapore Institute of Management (SIM) are evaluating the fallout from a cyberattack on Canvas, an educational tool used by nearly 9,000 schools globally. The hacking group ShinyHunters claimed responsibility, stating in a May 3 post that they accessed student names, email addresses, and private messages from affected institutions. Canvas, developed by Instructure, remains operational after the outage, though universities are reviewing security measures. NUS confirmed minimal operational impact, as the current semester had concluded, and reassured that backup systems ensured uninterrupted marking and grading processes. The university warned students to avoid sharing personal or login details with suspicious contacts. SUSS reported no significant disruptions, though it advised users to enable multi-factor authentication and change passwords to mitigate phishing risks. SIM adopted temporary measures, including direct Zoom links for students and extended deadlines for assignments, while confirming no evidence of data exfiltration. ShinyHunters threatened to leak data for 275 million individuals unless ransom demands were met by May 6, later extending the deadline. The attack affected institutions worldwide, including Harvard and Stanford in the U.S., disrupting end-of-year academic tasks. Instructure, Canvas’s developer, has 30 million active users globally across kindergarten to college levels. Local institutions like NTUC Learning Hub and Kaplan remain under investigation for potential exposure. All three universities emphasized vigilance, with NUS and SUSS urging users to review security settings and SIM assuring its cyber defenses remain robust.