On May 7, a cyberattack on Canvas, a digital educational platform managed by Instructure, disrupted access for students and faculty until Friday morning. The breach, which began on May 1, involved a “criminal threat actor” stealing usernames, email addresses, and student ID numbers. The ransomware group ShinyHunters claimed responsibility, alleging they had stolen 3.65 terabytes of data. Negotiations with Instructure failed, leading to a ransomware message on the Canvas login page by May 7, demanding a settlement by May 12 to avoid data leaks. Affected institutions were advised to consult cybersecurity experts. Santa Monica College responded by disabling Canvas logins and providing updates via an alternative webpage. By May 8, most users regained access, but full functionality for SMC was contingent on a security review. Although no passwords or sensitive financial data were reportedly compromised, SMC’s IT Department urged caution against suspicious online activity.
How Did a Cybersecurity Breach Affect SMC’s Canvas Site?
