A system used by thousands of schools and universities was offline on Thursday during a cyberattack, causing chaos as students tried to study for finals and highlighting education’s reliance on technology.
Luke Connolly, a threat analyst at cybersecurity firm Emisoft, said the hacking group called ShinyHunters claimed responsibility for the Canvas hack. Instructure, the company behind Canvas, did not immediately respond to a request for comment or questions about whether the system was removed as a precaution or because hackers took it offline.
Canvas is used to manage grades, course notes, assignments, lecture videos, and more. Connolly said the hacking group posted online that nearly 9,000 schools around the world were affected, with billions of private messages and other records accessed.
Students quickly took to social media to ask if others were unable to access Canvas, with many panicking that they could no longer view course materials within the platform to study for their final exams.
Screenshots provided by Connolly showed that the group began threatening on Sunday to leak the data set, with a deadline set for Thursday and May 12. Connolly said subsequent history suggests discussions regarding extortion payments may be ongoing.
Rich in digital data, the country’s schools are prime targets for remote criminal hackers. Who are working hard to locate and collect sensitive files that were stored on paper in locked cabinets not long ago. Previous attacks have hit Minneapolis Public Schools and the Los Angeles Unified School District.
Instructure did not post about the attack on its social media.
Connolly said the Canvas attack is strikingly similar to the hack at PowerSchool, which also provides learning management tools. In this case, a college student in Massachusetts was charged.
Connolly described ShinyHunters as a loose affiliation of teenagers and young adults based in the United States and the United Kingdom. The group has also been linked to other attacks, including a targeted attack Live Nation is a subsidiary of Ticketmaster.
Universities and school districts quickly began notifying students and parents.
“This has been reported as a national cybersecurity incident,” the IT director at the University of Iowa College of Public Health wrote in announcing the disruption to the school’s online system. “Hopefully we will have a solution soon.”
Virginia Tech acknowledged in a notice to students that the administration was aware of the impact on final exams and other end-of-semester activities. The University of New Mexico sent a similar message to the campus community, and the University of Florida urged students to remain alert for any phishing messages that appear to be from Canvas.
Teachers say they have to find alternative solutions to help students study for exams and submit final assignments.
Damon Linker, a senior lecturer in the Department of Political Science at the University of Pennsylvania, said in a post on the social media platform The power outage leaves students and faculty “dead in the water here in academia right now,” he said.
Harvard student newspaper She mentioned that the system there was also down. Students at Johns Hopkins University simply received an error message when trying to view their final grades on the platform on Thursday. Public school districts also sought to reassure parents, with officials in Spokane, Washington, writing that they were “not aware of any sensitive data involved in this breach.”
Some schools, such as the University of Texas at San Antonio, announced they were postponing final exams scheduled for Friday in response to the outage.
___
This story has been corrected to attribute a quote to the IT director at the University of Iowa College of Public Health, and not to the university’s broader IT leader.
___
Associated Press journalist Hannah Schoenbaum in Salt Lake City contributed.