Canvas restores service after cyberattack

The Canvas learning management system, utilized by thousands of educational institutions, resumed service on Friday following a cyberattack that disrupted

studies for students preparing for final exams. The hacking group ShinyHunters claimed responsibility for the breach, according to Luke Connolly, a threat analyst at the cybersecurity firm Emisoft. Instructure, the parent company of Canvas, announced that the system was accessible to most users as of late Thursday.

Impact of the Cyberattack

Canvas serves as a vital platform for managing grades, assignments, lecture videos, and course materials. The hacking group reported that approximately 9,000 schools worldwide were affected, with billions of private messages and records potentially accessed, Connolly stated.

Connolly provided screenshots indicating that the group began threatening to leak the stolen data on Sunday. By Friday, Instructure and Canvas had been removed from a leak site created by the ransomware group on the dark web.

Reactions from Students and Educators

The timing of the Canvas outage coincided with final exam preparations, prompting students to express panic on social media as they lost access to essential course materials. Teachers were compelled to find alternative methods to assist students with their studies and final assignments.

In response to the outage, some institutions, including the University of Texas at San Antonio, decided to postpone finals originally scheduled for Friday. Other schools, like Princeton University, updated their communities via social media, stating that Canvas appeared to be operational again and that IT staff was actively monitoring the situation.

Ongoing Cybersecurity Threats

Educational institutions, rich in sensitive data, remain attractive targets for cybercriminals. Past incidents have impacted major districts, including the Minneapolis Public Schools and the Los Angeles Unified School District.

Despite the attack's severity, Instructure has not publicly addressed the incident on its social media channels. The company did not immediately respond to inquiries from The Associated Press regarding whether a ransom was paid or the status of the compromised data.

Background on ShinyHunters

Connolly characterized ShinyHunters as a loosely organized group of teenagers and young adults based in the U.S. and the U.K., previously linked to other cyberattacks, including one targeting Live Nation’s Ticketmaster subsidiary. He noted that the Canvas breach bears resemblance to a prior incident involving PowerSchool, which also offers learning management solutions.