Widespread Cyberattack Affects Educational Institutions
A cyberattack targeted numerous universities and schools across the United States, Canada, and Australia, causing significant disruption during the critical end-of-year academic period.
The hacking group ShinyHunters claimed responsibility for the incident, which resulted in the academic software platform Canvas, utilized by thousands of educational institutions, becoming inaccessible this week.
By late Thursday, Instructure, the company that owns Canvas, posted an update on its website indicating that the platform was "available for most users," although some universities continued to report outages on Friday.
The cyberattacks impacted an estimated 9,000 institutions globally.
Impact on Universities and Students
Mississippi State University announced the postponement of Friday's final exams to allow students affected by the outage to recover any lost work.
Aubrey Palmer, a meteorology student at Mississippi State University, described her experience to the BBC. She had just completed a 2,900-word exam essay when a ransom note appeared on her screen.
"Shiny Hunters has breached Instructure (again)."
The message threatened to release stolen data unless Canvas or the affected universities paid a ransom in bitcoin.
"My knee‑jerk reaction was that I'd been hacked myself, because that's what it looked like," Palmer said. "But then I actually read the ransom note and saw it was Canvas that had been hacked."
Palmer recounted that she was with her professor and dozens of other students, all of whom noticed they had received the same message simultaneously.
Initially, it was unclear whether their work had been saved.
Frustration quickly spread among the students, with Palmer expressing her anger at the prospect of redoing her exam.
"So angry at the idea of having to redo" her exam, Palmer said.
The university has been communicating with students via email, rescheduling exams, and advising them to disregard suspicious messages while addressing what it described as a "nationwide security incident."
Courtsey of Audrey Palmer Meteorology student Audrey Palmer points to a weather diagram on a blackboard with a piece of chalk while smiling and facing a classroom.
The University of Sydney informed students on Friday that "Canvas was unavailable" and instructed them not to attempt to log in.
"We are one of approximately 9000 institutions around the world that are impacted by this outage, and we are still waiting for advice from Instructure," the university stated on its website.
The outage disrupted students' coursework and examinations, with the university acknowledging the significant disruption during a critical time in the semester.
On Thursday, Idaho State University announced the cancellation of exams scheduled after 12:00 local time (18:00 GMT).
Penn State University communicated to students on Thursday that "no one has access" to Canvas and indicated that a "resolution" was unlikely within the next 24 hours. The university cancelled some exams scheduled for Thursday and Friday.
In an update on Thursday evening, the University of British Columbia in Vancouver notified students that Canvas was "unavailable due to a cyber breach of its parent company Instructure" and advised immediate logout.
The University of Toronto also reported being affected by the breach, stating that "multiple universities were affected."
Students at the University of California Los Angeles experienced difficulties submitting assignments online via Canvas, and the University of Chicago temporarily disabled its Canvas page following reports of being targeted.
The Chicago Maroon, the university-led newspaper, published a screenshot of a message from ShinyHunters that appeared to demand a ransom.
The message encouraged the university to contact the hacking group privately "to negotiate a settlement" and avoid "the release of their data."
Individual Experiences and University Responses
Northwestern University master's student Jacques Abou-Rizk reported receiving the same message after clicking a link in an email that appeared to be from a university administrator.
"I didn't know what was happening," Abou-Rizk recalled. "It's a scary message to receive."
The university addressed the issue on Thursday by sending a generic email, seen by the BBC, stating that Northwestern was "monitoring an issue."
The email noted that the university did not have an estimated restoration time for Canvas and that other IT infrastructure had not been affected.
Abou-Rizk said he was still unable to access Canvas on Friday and had not received further communication from the university.
"There's definitely anxiety surrounding not only being able to complete my work and access the sites that I need access to on Canvas," Abou-Rizk said. "But also just not knowing exactly what the threat is and how it might affect me.
"I don't know what data will be released, and that scares me."
The BBC has contacted Northwestern University for comment.
Background on ShinyHunters and Ongoing Developments
ShinyHunters has been linked to several high-profile cyberattacks previously, including a major and economically damaging hack on Jaguar Land Rover last year.
Luke Connolly, a threat analyst at the cybersecurity firm Emisoft, told the Associated Press that screenshots indicate the targeted threats from the group began on Sunday, with deadlines set for Thursday and 12 May.
He added that discussions regarding extortion payments might be ongoing.
The group has not disclosed its plans for the data it claims to have obtained during the latest attack.
Political Response and Cybersecurity Concerns
The cyberattacks on Thursday coincided with a letter from the top US Senate Democrat, Chuck Schumer, to the Trump administration, urging enhanced defenses against cyber risks amid rapid developments in artificial intelligence.
Schumer emphasized the need for the Department of Homeland Security, the agency responsible for defending against cyberattacks, to "immediately help states and localities."
"Before Americans are hit with outages, disruptions, and attacks that could put lives and livelihoods at risk," he wrote.
Additional reporting was provided by Rebecka Pieder and Nadine Yousif in Toronto.
