An international cyberattack has caused significant disruption, chaos, and confusion across numerous universities and schools in the US, Canada, and Australia, particularly during the critical end-of-year academic period.
The hacking group ShinyHunters reportedly claimed responsibility for the incident, which led to the popular academic software Canvas, utilized by thousands of educational institutions, going offline this week.
By late Thursday, Instructure, the company owning Canvas, updated its website stating that Canvas was “available for most users.” However, some universities continued to report outages into Friday.
The cyberattacks targeted educational institutions worldwide, impacting an estimated 9,000 institutions.
On Friday, the University of Sydney informed its students that “Canvas was unavailable” and advised them against attempting to log in.
“We are one of approximately 9,000 institutions around the world that are impacted by this outage, and we are still waiting for advice from Instructure,” the university stated in an official announcement.
The university acknowledged the significant disruption to students’ coursework and examinations, noting “how disruptive this is at a critical time in the semester.”
Mississippi State University announced the postponement of Friday’s final exams to provide affected students time to recover any lost work.
On Thursday, Idaho State University cancelled exams scheduled after 12:00 local time (18:00 GMT).
Penn State University informed students on Thursday that “no one has access” to Canvas, indicating that a “resolution” was unlikely “within the next 24 hours.” The university subsequently cancelled some exams scheduled for Thursday and Friday.
In an update on Thursday evening, the University of British Columbia in Vancouver notified students that Canvas was “unavailable due to a cyber breach of its parent company Instructure,” advising immediate logout.
The University of Toronto also reported being impacted by the breach, confirming that “multiple universities were affected.”
Students at the University of California Los Angeles faced difficulties submitting assignments via the Canvas platform, while the University of Chicago in Illinois temporarily disabled its Canvas page following reports of being targeted.
The Chicago Maroon, the university’s newspaper, published a screenshot of a message from ShinyHunters that appeared to be a ransom demand.
The message urged the university to contact the hacking group privately “to negotiate a settlement” and prevent “the release of their data.”
This was the same message that Jacques Abou-Rizk, a master’s student at Northwestern University, reported receiving after clicking a link in an email seemingly from a university administrator.
“I didn’t know what was happening,” Abou-Rizk recounted. “It’s a scary message to receive.”
He stated that the university addressed the issue on Thursday with a generic email, seen by the BBC, indicating that Northwestern was “monitoring an issue.”
The email specified that the university had no estimated restoration time for Canvas and confirmed that other IT infrastructure remained unaffected.
Abou-Rizk reported still being unable to access Canvas on Friday and had not received further communication from the university since.
“There’s definitely anxiety surrounding not only being able to complete my work and access the sites that I need access to on Canvas,” Abou-Rizk expressed. “But also just not knowing exactly what the threat is and how it might affect me.”
“I don’t know what data will be released, and that scares me.”
The BBC has contacted Northwestern University for comment.
Screenshots indicate that the group’s targeted threats began on Sunday, with deadlines set for Thursday and May 12, according to Luke Connolly, a threat analyst at the cybersecurity firm Emisoft, who spoke to the Associated Press.
Connolly suggested that discussions regarding extortion payments might be ongoing.
These cyberattacks on Thursday coincided with a letter sent by Chuck Schumer, the top US Senate Democrat, to the Trump administration, urging stronger defenses against cyber risks in the era of rapidly developing AI.
Schumer emphasized that the Department of Homeland Security, the agency tasked with defending against cyberattacks, “must immediately help states and localities.”
“Before Americans are hit with outages, disruptions, and attacks that could put lives and livelihoods at risk,” he added.
With additional reporting by Nadine Yousif in Toronto.
#CyberAttack #EducationDisruption #ShinyHunters #CanvasOutage #UniversitySecurity #Ransomware #Cybersecurity #StudentImpact #GlobalHack #DataBreach
Leave a Reply