A large-scale cyberattack has caused widespread disruption across universities and schools in the United States, Canada and Australia, forcing institutions to cancel exams, delay coursework and scramble to restore access to critical online systems during a crucial academic period.
The attack targeted the widely used education platform Canvas (Instructure), which is used by thousands of schools and universities worldwide. Its parent company, Instructure, confirmed that services were restored for most users by Thursday, though many institutions continued to experience outages into Friday.
The hacking group ShinyHunters claimed responsibility for the breach, alleging that it had gained access to systems used by approximately 9,000 educational institutions globally. Screens shared online indicated that ransom demands were issued in exchange for preventing the release of allegedly stolen data.
The timing of the attack caused significant disruption, coming at the end of the academic term when students were completing final exams and submitting coursework. At Mississippi State University, officials postponed Friday examinations after students reported losing access to ongoing assessments. One student described how a ransom message appeared mid-exam, creating confusion in classrooms as students and staff attempted to determine whether their work had been saved.
Similar disruptions were reported across multiple campuses. Pennsylvania State University informed students that Canvas access had been lost entirely and warned that systems were unlikely to be restored within 24 hours. Several exams were cancelled as a result.
In Canada, the University of British Columbia confirmed that Canvas had gone offline due to a cyber breach affecting its service provider, while the University of Toronto also reported impacts linked to the same incident. In Australia, the University of Sydney advised students not to attempt logging in, noting that coursework and assessments had been affected at a critical stage of the semester.
Students described widespread confusion and anxiety as access to assignments and exams disappeared without warning. At the University of Chicago, administrators temporarily disabled Canvas after suspicious activity was detected, while other institutions issued urgent advisories warning students not to respond to phishing emails.
Cybersecurity analysts said the attack appeared to involve coordinated extortion efforts, with ransom messages instructing institutions to negotiate privately to avoid data leaks. The group has previously been linked to high-profile breaches, raising concerns about its evolving tactics and scale of operations.
Officials in affected universities have begun coordinating with cybersecurity teams to assess the extent of the breach and restore services. However, many students remain unable to access coursework or confirm whether submitted work has been preserved.
Authorities continue to investigate the incident, which has highlighted the vulnerability of global education systems increasingly reliant on centralized digital platforms during high-pressure academic periods.
