Ransomware Attack on Canvas LMS Hits 275 Million Records During Finals Week

A ransomware attack on one of the most widely used education platforms in the world knocked schools offline during one of the worst possible times: final exam week.

A group identifying itself as ShinyHunters claimed responsibility for breaching Instructure, the parent company of Canvas LMS. The attack took Canvas offline for universities and K-12 schools across the United States and beyond. Ransom notes appeared on login pages, and reports emerged of a data breach affecting up to 275 million records, including student names, IDs, emails, and messages.

Many institutions faced outages during final exams. Instructure said service had been restored for most users within hours, but investigations into the scope of the breach are continuing.

The incident exposes the vulnerability of critical education technology platforms. Canvas is used by millions of students and educators worldwide. A single breach can cause widespread disruption at a pivotal time in the academic calendar.

The attack is part of a broader pattern of ransomware groups targeting institutions that cannot afford downtime. Schools, hospitals, and government agencies have all been hit in recent years. The education sector has been a frequent target because of its large user bases, often limited cybersecurity budgets, and the sensitivity of student data.

Cybersecurity experts say the incident underscores the need for education technology providers to invest more heavily in security infrastructure and incident response planning. For students and educators affected by the breach, the advice is to monitor accounts for unusual activity and change passwords as a precaution.