ShinyHunters Claims Cyberattack on Canvas Learning System Used by Thousands of Schools

A cyberattack knocked offline Canvas, the learning management system from Instructure that thousands of schools and universities rely on. The outage hit Thursday and caused chaos for students preparing for finals.

The hacking group ShinyHunters claimed responsibility for the breach, according to Luke Connolly, a threat analyst at the cybersecurity firm Emisoft. CBS News has reached out to Instructure for comment.

Universities reporting impacts include Penn State, the University of Wisconsin-Madison, Columbia University and Union College New Jersey. UCLA was among several California schools crippled by the outage. In the Chicago area, Northwestern University, the University of Chicago, the University of Illinois Chicago and the University of Illinois also faced disruptions.

Penn State told students that no one has access to Canvas and a resolution was not expected within the next 24 hours. The school canceled all tests scheduled for Thursday and Friday in its Pollock Testing Center.

Harvard's student newspaper reported the system was down there as well. Public school districts sought to reassure parents. Officials in Spokane, Washington, said they aren't aware of any sensitive data contained in this breach.

Canvas handles grades, course notes, assignments, lecture videos and more. ShinyHunters posted online that nearly 9,000 schools worldwide were affected, with billions of private messages and other records accessed, Connolly said.

Screenshots he provided showed the group began threatening Sunday to leak the data trove, with deadlines of Thursday and May 12. Connolly said the later date suggests discussions about extortion payments may be ongoing.

Schools across the nation hold troves of digitized data that make them prime targets for criminal hackers seeking sensitive files once stored on paper in locked cabinets. Past attacks have struck Minneapolis Public Schools and the Los Angeles Unified School District.

Instructure has not posted about the attack on its social media. Connolly said the Canvas breach resembles one at PowerSchool, another provider of learning management tools where a Massachusetts college student was charged.

Connolly described ShinyHunters as a loose group of teenagers and young adults based in the U.S. and the United Kingdom. The group also has links to an attack on Live Nation's Ticketmaster subsidiary.