Canvas Online Learning Platform Disabled After Breach by Hackers

Education|Canvas Online Learning Platform Disabled After Breach by Hackers

Canvas, a platform used by over 8,000 universities and K-12 schools for course websites, assignments and communication, was shut down for several hours on Thursday. A hacking group claimed responsibility for a data breach affecting the company that owns the platform, jeopardizing the personal data of millions of students and teachers.

Several prominent universities, including the University of Michigan and Harvard, alerted students on Thursday that Canvas was unavailable. Across the country, students have been preparing for, or are already taking, their final exams.

Instructure, which provides its Canvas software to about half of all colleges and universities in North America, said the software was under maintenance, and anticipated “being up soon” in an alert posted on its website Thursday evening. The company earlier said it was investigating why the software was unavailable.

Instructure did not immediately respond to a request for comment.

ShinyHunters, the hacking group that claimed responsibility for the Instructure data breach, said it had accessed data from more than 275 million people across nearly 9,000 schools, according to a ransom letter shared on May 3 by Ransomware.live, which monitors ransomware groups.

An email shared with students at Barnard College in New York said the outage had appeared to be “the result of a previous cyberattack on Instructure.”

Instructure disclosed on May 1 that it had experienced a “cybersecurity incident perpetrated by a criminal threat actor.” Steve Proud, Instructure’s chief information security officer, said the company had enlisted forensics experts to minimize the impact of the breach.