Mississippi State University impacted by cyberattack on Canvas system as finals near

Mississippi State University was among thousands of educational institutions affected Thursday by a cyberattack on the Canvas learning management system, causing chaos as students prepared for final exams, according to university officials.

Chance Roberts, a senior at Mississippi State, said he was answering a question on an online exam when an alert about the hacking group ShinyHunters appeared. Roberts attempted to log out and refresh the page but was unsuccessful. A friend also taking an exam texted him about the notification, prompting Roberts to realize the issue was system-wide, he said.

Luke Connolly, a threat analyst at cybersecurity firm Emisoft, confirmed that ShinyHunters claimed responsibility for the breach at Instructure, the company behind Canvas. Instructure did not immediately respond to requests for comment or clarification on whether the system was taken offline intentionally or compromised by hackers.

Canvas is used by schools nationwide to manage grades, course materials, and assignments. ShinyHunters posted online that nearly 9,000 schools worldwide were affected, with billions of records and private messages potentially accessed, Connolly said. The group had threatened to leak data by Thursday and May 12, indicating ongoing discussions about extortion payments, he added.

Educational institutions quickly issued alerts, advising students and staff to avoid suspicious links or messages. The breach comes amid increasing concern over cyber threats targeting digitized school data, with past incidents involving Minneapolis Public Schools and Los Angeles Unified School District.

MSU officials acknowledged the Canvas outage and breach, urging users to exercise caution. Meanwhile, other universities, including the University of Iowa and Virginia Tech, notified students about disruptions affecting finals and end-of-semester activities. Harvard’s student newspaper reported system outages as well.

Cybersecurity experts note that the attack resembles previous breaches on systems like PowerSchool. Connolly described ShinyHunters as a loose group of young hackers based in the U.S. and UK, linked to other high-profile attacks, including one targeting Ticketmaster’s parent company.

As schools grapple with the breach, officials continue to assess the damage and seek solutions. The incident highlights the growing vulnerability of educational institutions to cyber threats in an increasingly digital landscape.

Source: Original Article