Canvas, digital platform used by universities, back up after ransom hack

• Canvas, a learning management platform, is back online after being down for hours on May 7 following a cyberattack.
• Hacking group ShinyHunters took responsibility for the breach at Instructure, and claimed that almost 9,000 schools were affected worldwide.

Canvas, a learning management platform used by thousands of schools and universities, was down for hours on May 7 after a cyberattack, disrupting access to grades and coursework during spring finals season for many.

Colleges and universities across the United States, including the University of Michigan, Harvard University, and Pennsylvania State University, disclosed on May 7 that Canvas had reported a security incident and was experiencing an outage. The incident disrupted classes, coursework and exams.

Hacking group ShinyHunters claimed responsibility for the alleged breach at Instructure, the company that owns Canvas, according to The New York Times and CNN. The group claimed that nearly 9,000 schools worldwide were affected, and that the data of 275 million individuals — including students, teachers and other staff — was stolen. ShinyHunters gave affected schools a deadline of May 12 "to negotiate a settlement," according to CNN, and told Instructure to "pay or leak."

As of May 8, Instructure said it found no evidence that "passwords, dates of birth, government identifiers, or financial information" were involved in the data breach. However, it said "names, email addresses, student ID numbers, and messages among Canvas users" were accessed.

Is Canvas back up?

On May 8, Canvas was again available for most users, according to a status update on operator Instructure’s website. Additionally, Instructure said that "Canvas is fully back online and available for use" on a different page. Instructure says it contacted impacted organizations on May 5, and that students, parents and employees at affected schools should take whatever action is suggested by their individual institutions.

"In the meantime, it is always a good practice to be cautious of unexpected emails or messages referencing this incident, avoid clicking suspicious links, and report anything unusual to your school or institution’s IT or security team," Instructure's website states.

Earlier, the company said Canvas and other related sites had been placed "in maintenance mode" and it was "investigating an issue where some users are having difficulties logging into Student ePortfolios."

A blog post by cybersecurity company Malwarebytes recommends several additional actions for those at affected institutions, including changing the passwords for accounts that shared them with Canvas accounts, remaining alert for follow-up phishing scams and turning on multi-factor authentication where possible.

Who hacked Canvas?

Hacking group ShinyHunters claimed responsibility for the breach, according to The New York Times and CNN, and said in an alleged ransom note that almost 9,000 schools worldwide were affected. The group claimed that the data of 275 million individuals — including students, teachers and other staff — was stolen.

ShinyHunters has a history of compromising global corporations, Reuters reported. In April, the group said it had stolen ​nearly 80 million business records from video game developer Rockstar Games, the ‌maker of Grand Theft Auto.

(This story was updated to add new information.)

Sarah Perkel is a South Florida Connect Reporter for the USA TODAY Network's Florida Connect team. You can get all of Florida’s best content directly in your inbox each weekday day by signing up for the free newsletter, Florida TODAY.