A widespread cyberattack has disabled a learning management system used by thousands of educational institutions across the country, leaving students unable to access course materials during the critical final examination period and highlighting the vulnerabilities inherent in our increasingly digitized educational infrastructure.

The platform Canvas, operated by the company Instructure, went offline Thursday following what cybersecurity analysts have identified as a deliberate breach. According to Luke Connolly, a threat analyst at the cybersecurity firm Emisoft, a hacking collective known as ShinyHunters has claimed responsibility for the attack.

Late Thursday evening, Instructure reported that Canvas had been restored for most users, though the full extent of the disruption remains under assessment.

The outage affected numerous prominent institutions. Penn State, the University of Wisconsin-Madison, Columbia University, and Union College New Jersey were among those reporting significant disruptions. On the West Coast, UCLA and several other California institutions experienced service interruptions. In the Chicago region, Northwestern University, the University of Chicago, the University of Illinois Chicago, and the University of Illinois all reported being affected by the breach.

Penn State informed its student body that Canvas was completely inaccessible and that a resolution was not anticipated within twenty-four hours. The university subsequently canceled all examinations scheduled for Thursday and Friday at its Pollock Testing Center.

Canvas serves as a central hub for academic operations, managing grades, course notes, assignments, lecture videos, and other essential educational materials. The timing of this attack, coinciding with final examinations at many institutions, has created particular hardship for students and faculty alike.

The hacking group has claimed that nearly nine thousand schools worldwide were affected, with billions of private messages and other records potentially compromised. Screenshots reviewed by cybersecurity analysts indicate that ShinyHunters began threatening to release the stolen data on Sunday, establishing deadlines of Thursday and May 12. The existence of multiple deadlines suggests that negotiations regarding extortion payments may be underway.

Educational institutions have become increasingly attractive targets for cybercriminals. The digitization of records that were once secured in locked filing cabinets has created vast repositories of sensitive information vulnerable to exploitation. Previous attacks have struck the Minneapolis Public Schools and the Los Angeles Unified School District, among others.

Connolly noted that the Canvas breach bears striking similarities to a recent attack on PowerSchool, another provider of learning management tools. In that incident, a Massachusetts college student faced criminal charges.

According to Connolly’s analysis, ShinyHunters operates as a loose affiliation of teenagers and young adults based primarily in the United States and the United Kingdom. The group has been connected to previous cyberattacks, including a breach targeting Live Nation’s Ticketmaster subsidiary.

Public school districts affected by the outage have attempted to reassure concerned parents. Officials in Spokane, Washington, stated they were not aware of any sensitive data being compromised in the breach, though the full scope of the incident continues to unfold.

The attack underscores the education sector’s growing dependence on technology and the corresponding security challenges that accompany this reliance. As institutions increasingly commit their operations to digital platforms, the need for robust cybersecurity measures has never been more apparent.

Related: CDC Monitors Hantavirus Outbreak on Cruise Ship as Three Deaths Confirmed