Many Illinois colleges and schools are scrambling after the online learning platform Canvas went offline Thursday following a cyberattack on its parent company.
The shutdown forced the University of Illinois Urbana-Champaign to postpone all final exams and assignments scheduled for Friday, Saturday and Sunday, leaders told students in a message sent Thursday night.
Thousands of K-12 school districts and colleges use Canvas nationwide, including U of I and Northwestern University, to manage classes, post assignments and communicate with students. Chicago Public Schools said Friday that it does not use Canvas and the district was not affected by the platform going offline.
Instructure, which runs Canvas, said the platform was back online Friday, but some colleges are still cautioning against using it.
Instructure said last week that it had experienced a “cybersecurity incident perpetrated by a criminal threat actor” that exposed users’ names, email addresses and student ID numbers, as well as internal messages.
In an update, the company said it took Canvas offline Thursday when it detected unauthorized activity related to last week’s data breach “to contain the activity, investigate, and apply additional safeguards,” before bringing it back online the next day. The company said it had temporarily shut down all free-for-teacher accounts, as those were the source of the breach.
A hacking group known as ShinyHunters claimed responsibility for the data breach, according to reporting by the New York Times, and is threatening to release “billions of private messages among students and teachers” if Instructure doesn’t meet its ransom demands.
The University of Chicago’s student newspaper, the Chicago Maroon, reported that Canvas users at the university briefly saw a message from the hacking group on Thursday that said affected schools could reach out and negotiate a settlement before May 12, when they threatened to release private data.
Northwestern University provided suggestions for professors to stay in touch with students and accept student work while Canvas was offline.
U of I officials urged students not to open Canvas or click on any links if they saw a message from the platform related to the cyberattack because they could contain malware or be otherwise compromised. John Coleman, the university’s provost, told students that U of I was talking with other colleges about next steps and acknowledged the situation had added “stress and uncertainty” to the end of the academic year.
A spokesperson for Bradley University in Peoria said Canvas was down for about six hours on Thursday but final exams and end-of-semester activities are proceeding as planned after the system came back online.
Cybersecurity incidents are common in schools, according to research conducted by the nonprofit RAND Corporation.
In 2024, about 60% of K-12 principals said on a nationally representative survey that their school had experienced at least one cybersecurity incident in the previous two school years, mostly compromised emails and phishing attacks.
But 14% percent said they experienced a data breach and 10% said they experienced a ransomware attack, which can be especially disruptive if hackers demand payment for the release of schools’ data.
Instructure said it had notified the FBI and federal cybersecurity officials about the incident, and it had found no evidence that passwords, dates of birth, Social Security numbers or student financial information were taken.
Still, the company advised students and families to be cautious of unexpected emails or messages and to report anything unusual to their school’s IT or security team.
Contributing: Emmanuel Camarillo and Cam Rodriguez