Instructure Holdings, Inc., the company behind the Canvas Learning Management System, has reported a cybersecurity incident impacting Canvas platforms used by K–12 schools and higher education institutions globally. The breach involves unauthorized access to usernames, email addresses, course names, enrollment details, and messages. Although some messages might contain personally identifiable information, the company assures that there is no evidence of compromised passwords, birth dates, government identifiers, or financial data. The ransomware group ShinyHunters has taken responsibility, defacing Canvas login pages with ransom demands. Some institutions have encountered ransom notes when trying to access Canvas.
Is there a cybersecurity threat affecting the Canvas Learning Management System?
