Canvas Restored After Daylong Outage as Hackers Threaten Data Leak
City College's instructional platform was down for nearly nine hours on Thursday, with less than a week before finals
A cybersecurity breach disrupted Canvas access for City College students on Thursday after the cybercriminal group ShinyHunters posted a threatening message across the platform, escalating a data breach that may affect millions of users nationwide.
City College appeared on a list of affected schools published by ShinyHunters, a copy of which was archived on the Wayback Machine. The college has not publicly addressed whether its students' or employees' data was specifically compromised.
The Office of Student Affairs confirmed the disruption in a 1:45 p.m. email to students, writing that Canvas "is currently experiencing a widespread outage and will not be available until Instructure resolves the issue." The college said that it is monitoring the situation but that a fix depends on Instructure, the company that operates Canvas.
The outage raised concerns about potential impacts to exam schedules, assignment submissions and access to course materials less than a week before City College's spring final exams begin on May 13.
According to the California Community Colleges Security Center, Instructure detected the intrusion on April 29. The Security Center had been tracking the incident since May 1 in coordination with the CCC Chancellor's Office, calling it a "vendor level incident, not a targeted attack on any individual college."
ShinyHunters first claimed to have stolen data from Instructure on May 3, saying the group had compromised information belonging to an estimated 275 million users across roughly 9,000 schools. On Thursday, the group posted a message directly on Canvas dashboards warning that it would release stolen data by May 12 if its demands were not met. The message was replaced by a "planned maintenance" notice shortly after.
According to Instructure, the compromised data may include names, email addresses, student IDs and messages exchanged on the platform. The company reported finding no evidence that passwords, financial records, dates of birth or government identifiers were accessed.
The CCC Security Center also warned Thursday that some users had received scam emails from the group claiming to have monitored their web browsing activity and demanding Bitcoin payment within 48 hours. The center advised students to delete such messages immediately and avoid clicking any links or attachments.
The UCs and CSUs reported similar disruptions, as did higher education institutions across the country.
Students with concerns should monitor Instructure's status page and watch for phishing emails.
This is a developing story.