
Canvas platform disruption paralyses thousands of US schools during finals week

Major universities including Harvard and Columbia face operational chaos as hackers demand a settlement by May 12

Author: Owen Mercer, Markets and Finance Editor
Source: WIRED · original
The Canvas Hack Is a New Kind of Ransomware Debacle
Instructure places learning software into maintenance mode following a data breach attributed to ShinyHunters

Thousands of educational institutions across the United States faced significant operational paralysis on Thursday after education technology firm Instructure placed its Canvas platform into maintenance mode. The disruption coincided with a critical period of finals and end-of-year assignments, throwing into disarray the daily routines of students and staff at major universities such as Harvard, Columbia, Rutgers, and Georgetown.

The incident follows a data breach attributed to a hacker group operating under the name ShinyHunters. The group claimed to have compromised sensitive data belonging to over 8,800 institutions, including student names, email addresses, and ID numbers. While the situation was initially marked as resolved on Wednesday, a secondary wave of attacks on Thursday injected an HTML file into schools' login pages to display defacement messages and extortion demands.

Instructure's status page registered an issue at midday on Thursday, noting that some users were having difficulties logging into Student ePortfolios. This prompted the company to place Canvas, Canvas Beta, and Canvas Test into maintenance mode to address the cybersecurity incident. The outage caused chaos for regular people across the US, and universities have sent alerts to students about the situation in recent days.

Late Thursday evening, Instructure announced that Canvas was available again for most users. However, the exact scope of the data exposure remains unclear despite the restoration of access. The disruption highlights the vulnerability of critical academic infrastructure to cyber threats, particularly when they occur during high-stakes examination periods.

The secondary wave of attacks involved hackers modifying the Harvard Canvas login page to show a list of allegedly impacted schools. The message urged these institutions to negotiate a settlement before the end of the day on May 12, threatening to leak the compromised data if demands were not met. This escalation marks a significant development in the ongoing extortion attempt that began on May 1.

Allison Nixon, chief research officer at cybersecurity firm Unit 221b, noted that the activity appears related to a group sometimes referred to as ScatteredLapsus$Hunters. She warned that while the hackers may use recycled data to exaggerate claims, the disruption caused for schools across the country is all too real and represents a systemic international issue of cybercrime.
