A cybercrime group launched a data extortion attack against Canvas, the education platform used by nearly 9,000 institutions, disrupting classes and coursework across the United States. The attackers defaced the login page with a ransom demand, threatening to leak data from 275 million students and faculty members.
Canvas, a widely-used learning management system serving schools and universities nationwide, experienced significant disruptions as the breach unfolded. The attack specifically targeted the platform's login infrastructure, preventing legitimate users from accessing coursework, assignments, and course materials.
The threat actors displayed a ransom message on Canvas's authentication page, claiming access to student and faculty records across thousands of educational institutions. The scale of the threatened data exposure—275 million individuals across nearly 9,000 schools—represents one of the largest potential educational data breaches in recent history.
Data extortion attacks combine system compromise with blackmail tactics. Attackers threaten to publicly release sensitive information unless victims pay a ransom, creating urgency for institutions handling confidential student records, grades, and personal information.
The disruption affected classroom operations on a broad scale, with students unable to submit assignments and instructors unable to access student work or course materials. Many institutions depend on Canvas for core academic functions, making extended outages particularly damaging to academic schedules.
Canvas is operated by Instructure, a major educational technology company that serves K-12 schools, higher education institutions, and corporate training programs. The platform hosts millions of courses and serves as a central hub for online and hybrid learning environments.
Schools and universities have increasingly relied on centralized platforms for learning management, making them attractive targets for large-scale extortion attacks. The incident highlights the security risks concentrated in widely-adopted educational software systems.
Details regarding the attackers' identity, timeline of the breach, and whether ransom negotiations have begun remain unclear. Educational institutions are typically advised against paying ransoms, as doing so funds criminal operations and provides no guarantee of data deletion.
Response efforts are ongoing as institutions work to restore full system access and assess the extent of any data compromise.
Oxford University disclosed a data breach after its third-party careers services provider, Group GTI, notified the institution that its CareerConnect platform had been compromised.
The Trump administration is urging NATO allies to direct defense spending toward removing Chinese technology from their networks and critical infrastructure. The push specifically targets components from Huawei Technologies.
Research reveals that hiring algorithms tend to optimize for similar candidate profiles, reducing diversity and limiting the talent pool. The findings highlight how automated recruitment systems can reinforce homogeneity rather than expand hiring prospects.
Analysis of 1,000 documented data breaches reveals organizations are taking longer to notify affected users, undermining efforts to improve transparency and response times.