Chaos erupted in schools and colleges across the United States on Thursday when a cyberattack disrupted online learning platform Canvas just as students were scheduled to take their final exams.
Canvas parent company Instructure said that as of Friday morning, the platform was back online. Instructure said it temporarily took Canvas offline on Thursday after identifying unauthorized activity on its network. The threat actor was the same person responsible for a data breach revealed by Instructure a week ago. The data accessed included usernames, email addresses, student ID numbers and messages exchanged on the platform. The company said it had no indication that passwords, dates of birth, government identifiers or financial information were involved.
Schools and Colleges Are Scrambling
A ransomware group known as ShinyHunters claimed responsibility for the breach on its dark website. They claimed that the data collected came from 275 million people associated with 8,800 schools.
As students tried to prepare for and take their final exams on Thursday, Canvas login pages displayed a ransom note. It said Instructure had rejected the group’s previous demands and encouraged individual schools to negotiate directly with them. The note and the breakdown caused a rush in schools and colleges. The University of Illinois has reportedly postponed all final exams and assignments scheduled for Friday, Saturday and Sunday. The University of Massachusetts Dartmouth has rescheduled or extended exam due dates. The University of California system has directed all of its campuses to linkword.
Broader Implications and Past Incidents
Canvas isn’t the only learning platform to be hit by a cyberattack. Last year, PowerSchool, a company that provides cloud-based software to 60 million students in 16,000 primary and secondary schools around the world, disclosed a breach that exposed years of sensitive data, including names, addresses and disciplinary records.
ShinyHunters has operated as an informal collective for years. In 2024, it took a trove of credentials and other data from cloud storage provider Snowflake and used them in subsequent breaches of Snowflake customers, including TicketMaster.
For more detailed information, visit the source link Here.
“`
