A major cyberattack hit numerous universities and schools in the United States, Canada, and Australia, causing chaos and significant disruptions during the high-stakes end-of-year exam period. The hacking group ShinyHunters claimed responsibility for the attack, which took the academic software Canvas offline for thousands of institutions this week.

By late Thursday, Instructure, the company that owns Canvas, posted an update stating that the platform was “available for most users,” but some universities still reported outages on Friday. The attack is estimated to have affected approximately 9,000 institutions globally.

Mississippi State University announced it was postponing Friday’s final exams to allow affected students to recover any lost work. Aubrey Palmer, a meteorology student, told the BBC that students had just completed a 2,900-word exam essay when a ransom note suddenly appeared on their screens. The message read: “Shiny Hunters has breached Instructure (again)” and threatened to release stolen data unless a ransom in bitcoin was paid.

Palmer said the professor and dozens of other students all saw the same note, causing confusion and anger. The university has since been updating students via email, rescheduling exams, and advising them to ignore suspicious messages. The University of Sydney told students on Friday that “Canvas was unavailable” and instructed them not to attempt to log in, acknowledging the disruption at a critical time.

Idaho State University canceled exams scheduled after noon on Thursday, while Penn State University told students that “no one has access” to Canvas and that a resolution was unlikely within 24 hours. The University of British Columbia informed students that Canvas was unavailable due to a cyber breach and advised them to log out immediately. The University of Chicago temporarily disabled its Canvas page after reports of targeting.

ShinyHunters has been linked to previous high-profile attacks, including a major hack on Jaguar Land Rover last year. The group has not disclosed what it plans to do with the data allegedly stolen in the latest attack. The cyberattack coincided with a letter from top US Senate Democrat Chuck Schumer urging the Trump administration to bolster defenses against cyber risks amid rapid AI development.

Source: www.bbc.com