Students across the United States were left unable to access essential coursework, grades, and examination materials after a major cyberattack hit the Canvas learning management system (LMS) during finals week, with universities reporting widespread disruption and a ransom message replacing normal platform access.
Canvas Cyberattack Disrupts US Universities
The online learning platform Canvas, owned by Instructure, suffered a significant cybersecurity incident on Thursday, forcing parts of the system into maintenance mode while investigations were launched. Students at major institutions, including Harvard University, Princeton University, Columbia University, Georgetown University, and Rutgers University, reported being locked out of their accounts at a critical point in the academic calendar.
Instead of their usual dashboards, users were greeted with a ransom note attributed to a hacking group identifying itself as ShinyHunters.
'ShinyHunters has breached Instructure (again),' read the warning, as seen by CNN. 'Instead of contacting us to resolve it, they ignored us and did some "security patches."'
The message appeared across multiple affected institutions and demanded payment to prevent further alleged data exposure.
Canvas is one of the world's most widely used education platforms, supporting more than 30 million active users and over 8,000 institutions globally, according to its parent company, Instructure. The timing of the attack has intensified disruption, as many universities are currently conducting final examinations and coursework submissions.
Who Are ShinyHunters and What Are They Demanding?
The hacking group ShinyHunters has been linked to the incident, according to statements reported by affected institutions and student accounts. The group has also been associated with a separate cybersecurity incident earlier this month involving Instructure.
A ransom message reportedly posted on university Canvas pages claimed responsibility for the breach and warned of further data exposure if demands were not met. The group also referenced deadlines for contact regarding the alleged ransom negotiation.
While the full identity and location of ShinyHunters remains unconfirmed by authorities, the group has previously been associated with large-scale data breaches targeting global organisations.
Instructure has not confirmed negotiations with the attackers and has not publicly detailed the specific demands made in relation to the latest incident.
Canvas In Maintenance Mode
Instructure confirmed on its website that Canvas was placed into 'maintenance mode' on Thursday afternoon as cybersecurity teams investigated the disruption. The company said it was actively working to restore services and assess the scope of the breach.
Earlier this month, Instructure acknowledged a separate cybersecurity incident involving a criminal threat actor. At that time, the company stated it had contained the breach but confirmed that certain user information, including names, email addresses and student identification numbers, had been accessed.
It remains unclear whether the latest attack has resulted in additional data exposure or whether it is directly linked to the earlier incident. No official timeline has been given for full restoration of Canvas services.
Students Face Disruption During Exam Period
The outage has caused significant disruption for students in the middle of final assessments. At the University of Pennsylvania, students reported being unable to access study materials while preparing for exams, leading to heightened stress and uncertainty.
Talking to CNN, a student, Anish Garimidi, described being unable to access key resources, saying it affected his preparation during a crucial academic period. At Georgetown University, students also reported receiving ransom messages when attempting to log in, with some noting that deadlines had been extended in response to the disruption.
At the University of California, Riverside, a student said she missed a scheduled quiz due to the outage and expressed concern about upcoming assessments that rely on lecture materials hosted on Canvas.
