Canvas Platform Restores Service After Ransomware Breach; Hackers Claim 9,000 Schools Exposed Globally

The Canvas learning management system, a critical infrastructure backbone for thousands of educational institutions worldwide, has restored online access following a cyberattack that disrupted operations across multiple schools. The platform, operated by Instructure, handles sensitive academic functions including grade management, course content distribution, assignment tracking, and lecture video delivery—making it a high-value target for threat actors seeking large volumes of education sector data.

Security researchers and the responsible hacking group confirmed that the attack involved ransomware deployed against Canvas infrastructure. The perpetrators posted online that approximately 9,000 schools globally were affected, with billions of private messages and academic records allegedly accessed during the breach. The scope of the incident places it among the most significant education-sector cyberattacks in recent years, directly impacting students, educators, and administrative staff whose academic communications and performance data may now be exposed.

The breach raises serious concerns about data security practices across the K-12 and higher education sectors, which have historically lagged behind other industries in cybersecurity investment. Educational institutions typically store highly sensitive information—including student IDs, grades, disciplinary records, and in some cases financial or health data—that can be weaponized for identity theft, social engineering campaigns, or resale on criminal marketplaces. Instructure has not publicly disclosed the full technical details of the attack vector or confirmed the exact number of affected institutions. Federal education and cybersecurity agencies are expected to release guidance as the investigation into the incident continues.