ShinyHunters Ransoms Canvas LMS: 9,000 Schools and Universities Disrupted in Coordinated Cyberattack

The hacking collective ShinyHunters has claimed responsibility for a sweeping ransomware attack targeting Instructure's Canvas learning management system, affecting an estimated 9,000 universities and schools across the United States, Canada, and Australia. The attack triggered widespread service outages, forcing numerous institutions to suspend online coursework, postpone examinations, and extend assignment deadlines as IT teams scrambled to contain the breach. Students at affected schools reported seeing ransomware notes displayed on their screens, demanding payment in Bitcoin to restore access to coursework and academic records.

The incident represents one of the most significant cyber intrusions against educational infrastructure in recent years. Canvas, widely adopted as a core platform for course management, grade tracking, and student communication, became unavailable at hundreds of institutions simultaneously. University administrators described an urgent and chaotic recovery effort, with staff working around the clock to restore systems and provide alternative guidance to students. The scale of the disruption suggests the attackers exploited either a supply-chain vulnerability or a misconfiguration within the software environment rather than targeting individual institutions one by one.

Security analysts warn that the attack exposes deep structural weaknesses in how educational institutions manage third-party SaaS platforms. Many schools rely on external vendors to handle sensitive student data without maintaining independent backup systems or incident response capabilities. The breach also reignites debate about cybersecurity investment in the academic sector, which historically has lagged behind finance and healthcare in defensive posture. As AI-powered attack tools become more accessible, experts stress that institutions must reassess vendor risk management and develop resilient contingency plans to prevent single points of failure from cascading into campus-wide paralysis.