U of I postpones finals, schools scramble following cyberattack on popular learning tool Canvas

Many Illinois colleges and schools are scrambling after the online learning platform Canvas went offline Thursday following a cyberattack on its parent company.

The shutdown forced the University of Illinois Urbana-Champaign to postpone all final exams and assignments scheduled for Friday, Saturday and Sunday, leaders told students in a message sent Thursday night.

Thousands of K-12 school districts and colleges use Canvas nationwide, including U of I and Northwestern University, to manage classes, post assignments and communicate with students.

Infrastructure, which runs Canvas, said last week that it had experienced a “cybersecurity incident perpetrated by a criminal threat actor” that exposed users’ names, email addresses and student ID numbers, as well as internal messages.

A hacking group known as ShinyHunters claimed responsibility for the data breach, according to reporting by the New York Times, and is threatening to release “billions of private messages among students and teachers” if Infrastructure doesn’t meet its ransom demands.

Northwestern University said Canvas remained offline as of Friday morning and provided suggestions for professors to stay in touch with students and accept student work while it’s down.

U of I officials urged students not to open Canvas or click on any links if they saw a message from the platform related to the cyberattack because they could contain malware or be otherwise compromised. John Coleman, the university’s provost, told students that U of I was talking with other colleges about next steps and acknowledged the situation had added “stress and uncertainty” to the end of the academic year.

Cybersecurity incidents are common in schools, according to research conducted by the nonprofit RAND Corporation.

In 2024, about 60% of K-12 principals said on a nationally representative survey that their school had experienced at least one cybersecurity incident in the previous two school years, mostly compromised emails and phishing attacks.

But 14% percent said they experienced a data breach and 10% said they experienced a ransomware attack, which can be especially disruptive if hackers demand payment for the release of schools’ data.