ShinyHunters Cyber Attack Disrupts US University Canvas Systems Nationwide

A coordinated cyber attack on Thursday paralysed the Canvas academic software platform for numerous universities and schools across the United States. The hacking collective ShinyHunters has reportedly claimed responsibility for the disruption, which led to widespread chaos and confusion during the critical end-of-year assessment period.

By late Thursday, Instructure, the company behind Canvas, stated that the system was "available for most users". However, the impact was felt from California to New York, with institutions such as Penn State University informing students that Canvas access was compromised and a resolution was unlikely within 24 hours. Consequently, Penn State cancelled some exams scheduled for Thursday and Friday.

Students at the University of California Los Angeles faced difficulties submitting assignments, while the University of Chicago temporarily disabled its Canvas page following reports of targeting. The Chicago Maroon, the university's newspaper, published a screenshot of a message from ShinyHunters. The message appeared to demand a ransom, urging the university to negotiate privately to prevent the release of sensitive data.

Luke Connolly, a threat analyst at cybersecurity firm Emisoft, indicated that the threats from ShinyHunters began on Sunday, setting deadlines for Thursday and 12 May. Discussions regarding potential extortion payments may still be ongoing.

This cyber incident coincided with a letter from US Senate Democrat Chuck Schumer to the Trump administration, pressing for enhanced cyber defence measures. Schumer emphasised the urgent need for the Department of Homeland Security to assist states and localities in bolstering their cyber resilience "before Americans are hit with outages, disruptions, and attacks that could put lives and livelihoods at risk."