The educational platform Canvas, widely used in American higher education, has been the victim of a hacking and massive data breach. According to initial reports, over 9,000 institutions and 275 million student data were compromised in the United States, as well as in Canada.
Cyberattacks are now targeting the academic and student world. In France, a few weeks ago, Crous confirmed a data breach. While the organization mentioned around 770,000 affected students, hackers claimed a much higher number, close to 1.9 million victims, revealing the potential extent of the breach.
More recently, universities across the Atlantic have been targeted. The educational platform Canvas, widely used in American higher education, became inaccessible for several hours. Prestigious institutions like Stanford, Berkeley, Pennsylvania State University, and Columbia confirmed that their students, teachers, and staff were unable to access this central communication and educational management tool. The parent company, Instructure, stated that the platform was “currently inaccessible.”
According to Ransomware.live, an independent platform that tracks ransomware group activity, nearly 9,000 institutions and 275 million people were affected, with many potentially compromised personal data. The hacker group “ShinyHunters” claimed responsibility for the attack, as revealed by a ransom demand obtained by the Washington Post. Remaining true to their methods, the group would have stolen data by threatening to disclose it in the absence of payment.
“Biggest hacking in the education sector”
In Canada as well, the cyberattack made waves. As confirmed by Radio-Canada, several educational institutions in Ontario, including the prestigious University of Toronto, were affected. The incident was caused by a vulnerability in the widely used Canvas platform for distributing courses, sharing resources, and managing assessments.
The scale of the incident raised serious concerns in the sector. David Shipley, CEO of Beauceron Security, stated to Radio-Canada that it could be the “biggest hacking ever in the education sector,” describing it as an “incredibly destructive” attack. Millions of students, teachers, and staff could be affected by this data breach.
Meanwhile, the platform’s parent company, Instructure, explained that the hackers initially breached their systems by exploiting a vulnerability related to free accounts for teachers. This type of intrusion is not unprecedented: in December 2024, the educational platform PowerSchool was also hacked. The company chose to pay a ransom at the time, hoping to prevent the public release of compromised data… showing the ongoing vulnerability of educational digital infrastructures.
Context: – Canvas is an educational platform used in higher education in the United States. – The hacking incident affected millions of students, teachers, and staff in both the US and Canada.
Fact Check: – The information about PowerSchool being hacked in December 2024 is inaccurate, as the date has not occurred yet at the time of writing.
