A major cyber attack has disrupted universities and schools across the United States, Canada and Australia, creating confusion and academic delays during the crucial end-of-year examination period.
The hacking group ShinyHunters claimed responsibility for the attack, which targeted the widely used academic software platform Canvas. The cyber incident forced the platform offline for thousands of schools and universities worldwide.
By Thursday evening, Instructure, the parent company of Canvas, announced that the service had been restored for most users. However, several institutions continued reporting outages and technical issues on Friday.
The attack is believed to have affected nearly 9,000 educational institutions globally. During the incident, students and staff reportedly saw ransom messages demanding payment in bitcoin appear on their screens.
Mississippi State University postponed Friday’s final examinations to give students time to recover lost coursework and resolve technical problems caused by the outage.
Aubrey Palmer, a meteorology student at the university, told the BBC that students had just completed a lengthy exam essay when a ransom message suddenly appeared. The note stated: “ShinyHunters has breached Instructure (again)” and threatened to release stolen data unless a bitcoin ransom was paid.
Palmer described the scene as chaotic, with students and professors confused about whether their work had been saved. Many students became frustrated over the possibility of having to retake or rewrite their exams.
The university later updated students through email notifications, rescheduled exams and advised everyone to ignore suspicious messages while officials responded to what they called a “nationwide security incident”.
In Australia, University of Sydney informed students that Canvas services were unavailable and instructed users not to attempt logging in. The university acknowledged the disruption during a critical academic period and confirmed it was waiting for further guidance from Instructure.
Several other universities also reported disruptions, including Idaho State University, which cancelled exams scheduled after noon on Thursday. Penn State University warned students that Canvas access was unlikely to be restored quickly and cancelled some examinations.
In Canada, University of British Columbia advised students to immediately log out of Canvas after confirming the breach affected its parent company. University of Toronto also confirmed it had been impacted by the cyber attack.
Meanwhile, students at University of California Los Angeles struggled to submit assignments online, while University of Chicago temporarily disabled its Canvas page following reports of suspicious activity.
Northwestern University graduate student Jacques Abou-Rizk said he received a threatening ransom message after clicking a link in what appeared to be an official university email. He described the experience as frightening and expressed concern about what personal data may have been compromised.
Northwestern University later informed students that it was monitoring the issue and that other university systems had not been affected. However, many students remained unable to access Canvas services.
Cybersecurity experts say ShinyHunters has previously been linked to several high-profile cyber attacks, including a major breach involving Jaguar Land Rover last year.
Luke Connolly, a threat analyst at cybersecurity firm Emisoft, told the Associated Press that screenshots indicated the hackers had begun issuing threats on Sunday, with ransom deadlines set for Thursday and May 12. He added that negotiations regarding extortion payments may still be ongoing.
The cyber attack came amid growing concerns about digital security risks worldwide. On the same day, US Senate Democratic leader Chuck Schumer urged the Trump administration to strengthen national cyber defences as artificial intelligence rapidly increases cybersecurity threats.
Schumer called on the Department of Homeland Security to provide immediate support to states and local authorities facing increasing cyber risks.
What is Canvas?
Canvas is a cloud-based learning management system developed by Instructure that allows schools and universities to manage coursework, assignments, exams and online learning.
Who was behind the cyber attack?
The hacking group ShinyHunters claimed responsibility for the attack targeting Canvas and its parent company Instructure.
How many institutions were affected?
Reports suggest nearly 9,000 educational institutions across the world were impacted by the outage and cyber breach.
What problems did students face?
Students experienced disrupted exams, inaccessible coursework, assignment submission failures and concerns about possible data theft.
Did universities cancel exams?
Yes, several universities postponed or cancelled exams after Canvas services became unavailable during the attack.
Was personal data stolen in the breach?
Hackers claimed they had stolen data and threatened to release it unless a ransom was paid, though the full extent of the breach has not yet been confirmed.
Which countries were affected?
Universities and schools in the United States, Canada and Australia were among those reporting major disruptions.
What is being done to restore services?
Instructure said Canvas services were restored for most users, while universities continue working with cybersecurity experts to investigate the incident and secure their systems.
Conclusion
The global Canvas cyber attack has highlighted the growing vulnerability of educational institutions to sophisticated hacking operations. With thousands of schools and universities affected during one of the most important periods of the academic year, students and staff faced major disruptions, uncertainty and anxiety over data security. The incident also raises fresh concerns about the need for stronger cybersecurity measures in education systems as cyber threats continue to evolve worldwide.
