Instructure's Canvas platform experienced a widespread service disruption today after attackers defaced the login page with a ransom demand. The threat actors claim to possess data from 275 million students and faculty members across approximately 9,000 educational institutions in the U.S. and internationally.
The breach halted access to coursework, assignments, and grades at multiple school districts and universities nationwide. Students and educators could not log in or access course materials during the attack window. Canvas serves as the learning management system for thousands of schools, making it a high-value target for extortion operations.
The attackers posted a defacement message on Canvas' login portal demanding payment in exchange for not releasing the stolen data. The threat included specific numbers of affected institutions and users, suggesting the group possesses legitimate access to sensitive information from Canvas' infrastructure or its users' accounts.
The incident represents a serious blow to educational continuity. Schools depend on Canvas for grade tracking, assignment submission, and real-time communication with students. The disruption forced educators to find alternative ways to deliver instruction and assess student progress.
Canvas' parent company Instructure did not immediately release a detailed statement on the breach's scope or root cause. Educational institutions began notifying users of the compromise while investigating whether the attackers exploited a vulnerability, compromised credentials, or gained access through a supply chain vector.
This attack follows a pattern of extortion-focused breaches targeting critical infrastructure sectors. Threat actors increasingly target education technology providers because they hold sensitive data on millions of minors, making institutions more likely to comply with ransom demands.
Organizations using Canvas should monitor their accounts for unauthorized access and prepare for potential credential-based attacks targeting their users. Education departments should prepare incident response plans accounting for potential service unavailability from their core learning management systems.