International cyber attack disrupts swathe of universities and schools

Global Impact and Ransom Demands

International cyber attack disrupts swathe of universities – A coordinated cyber assault disrupted educational systems across the United States, Canada, and Australia, creating significant challenges for students and staff during a crucial academic period. The attack, attributed to the hacking collective ShinyHunters, caused the Canvas learning platform—used by thousands of institutions—to experience widespread outages. By Thursday, Instructure, the company behind Canvas, issued an update stating the platform was “available for most users,” though some universities continued reporting technical difficulties into Friday.

The breach targeted over 9,000 institutions globally, affecting everything from coursework to final examinations. Mississippi State University, for instance, announced the postponement of Friday’s exams to accommodate students who had lost progress due to the disruption. One student, Aubrey Palmer, described the chaos: “We were in the middle of writing a 2,900-word essay when a ransom note popped up on our screens. It read, ‘Shiny Hunters has breached Instructure (again).’” The message warned of stolen data being released unless a bitcoin ransom was paid.

“My knee-jerk reaction was that I’d been hacked myself, because that’s what it looked like,” Palmer said. “But then I actually read the ransom note and saw it was Canvas that had been hacked.”

Initially, uncertainty surrounded whether students’ work had been saved. This led to growing frustration as exams were abruptly halted. Palmer noted that confusion spread rapidly, with professors and students alike reacting to the sudden malfunction. “Everyone was looking around the room in bewilderment,” he recalled. The incident highlighted the vulnerability of digital infrastructure during high-pressure academic moments.

Universities Take Immediate Action

In response to the crisis, universities scrambled to mitigate the fallout. The University of Sydney informed students on Friday that Canvas was “unavailable” and urged them to avoid logging in. The institution emphasized its status as one of nearly 9,000 globally impacted by the outage, stating they were still awaiting guidance from Instructure.

Idaho State University canceled exams scheduled after 12:00 local time on Thursday, while Penn State University reported no access to Canvas and hinted that a resolution might not arrive within 24 hours. The university rescheduled some assessments to ease the burden on students. Meanwhile, the University of British Columbia issued a late Thursday update, clarifying that Canvas was “unavailable due to a cyber breach of its parent company Instructure” and advising users to log out immediately.

The University of Chicago, in Illinois, temporarily disabled its Canvas page after confirming it had been targeted. Students at the University of California, Los Angeles, faced difficulties submitting assignments online, further complicating their academic schedules. At the University of Toronto, officials noted the breach had “multiple universities” affected, underscoring the incident’s broad reach.

Students’ Reactions and Uncertainty

Among those directly impacted was Jacques Abou-Rizk, a masters student at Northwestern University. He shared his experience of receiving a ransom message via an email that seemed to originate from a university administrator. “I didn’t know what was happening,” Abou-Rizk explained. “It’s a scary message to receive.”

“I was still unable to access Canvas on Friday and have not heard from the university since,” he added. “There’s definitely anxiety surrounding not only being able to complete my work and access the sites I need on Canvas, but also just not knowing exactly what the threat is and how it might affect me.”

The message from ShinyHunters, which appeared to seek a ransom, encouraged universities to contact the group privately to “negotiate a settlement” and prevent data leaks. Abou-Rizk’s university sent a generic email on Thursday, stating it was “monitoring an issue” but offering no timeline for recovery. Despite this, the ransom note’s presence left many students unsettled.

Broader Implications and Institutional Responses

While Canvas was the primary platform affected, the incident raised concerns about the security of educational institutions’ digital infrastructure. Universities such as the University of Chicago and UCLA faced operational setbacks, with some students forced to submit work manually or delay deadlines. The University of Toronto’s acknowledgment of the breach, though brief, signaled the broader scope of the attack.

ShinyHunters’ tactics—combining technical disruption with ransom demands—highlighted the evolving nature of cyber threats in the education sector. The group’s ability to target a widely adopted platform like Canvas amplified the disruption, as the outage affected both teaching and learning processes simultaneously. Instructure’s efforts to restore access were met with mixed results, with some institutions still grappling with the aftermath by Friday.

As the situation unfolded, universities prioritized communication with students. Mississippi State University, for example, used email updates to inform about exam rescheduling, while others provided guidance on navigating the crisis. Despite these measures, the lingering uncertainty about data security and the timeline for recovery continued to weigh on students. Abou-Rizk’s experience exemplified the emotional toll of such incidents, as learners faced the dual challenge of technical barriers and fear of data exposure.

Context and Long-Term Concerns

The attack underscored the critical role of digital platforms in modern education and the risks associated with their reliance on centralized systems. With Canvas serving as a cornerstone for online learning, its disruption rippled across continents, affecting millions of students and educators. The incident also sparked discussions about the need for enhanced cybersecurity measures in educational institutions.

While the immediate crisis was addressed with temporary fixes, the long-term implications remained unclear. The ransom note’s presence suggested ShinyHunters aimed to exploit the urgency of the end-of-year season, leveraging the platform’s widespread use to maximize impact. As universities worked to restore normalcy, the question of how prepared they were for such threats lingered, especially with the threat of data breaches looming large.

The coordinated nature of the attack, spanning multiple countries, pointed to a growing trend of international cyber operations targeting education. With schools and universities increasingly dependent on digital tools, the breach served as a stark reminder of the vulnerabilities within these systems. The response from institutions—ranging from rescheduling exams to issuing precautionary advice—demonstrated both resilience and the challenges of adapting to real-time disruptions.

As the week progressed, the situation remained fluid, with updates from Instructure and affected universities offering glimpses into the scale of the problem. The incident not only tested the technical capabilities of educational providers but also highlighted the human element of cyberattacks, where fear and confusion played as significant a role as the actual disruption itself.