Canvas parent Instructure said Thursday it was the target of a “cybersecurity incident perpetrated by a criminal actor,” and the hacker group ShinyHunters claimed it had breached the company and affected roughly 9,000 educational institutions, including several in Mississippi.
Instructure said attackers accessed names, email addresses and messages for hundreds of millions of users, according to the company. ShinyHunters posted a message on Canvas saying the group had tried to contact Instructure and that recent security patches had failed.
The group displayed the message on Canvas on May 7 and threatened to leak data for any school on its list by May 12 unless the institution negotiated a settlement, the statement said. “If any of the schools in the affected list are interested in preventing the release of their data, please consult with a cyber advisory firm to contact us privately at TOX to negotiate a settlement,” the message said.
Mississippi State University said the outage began on the first day of final exams, leaving many students unable to complete assignments, and that it would provide updates as they become available. A university release warned users that “[Mississippi State University] will never direct users to unverified third-party sites for Canvas-related communications or remediation activities” and urged caution around suspicious links or messages.
Mississippi Free Press reported that other state institutions affected included Delta State University, the University of Southern Mississippi, Mississippi Gulf Coast Community College, the University of Mississippi Medical Center, East Mississippi Community College, Southwest Mississippi Community College, Mississippi University for Women, Mississippi College, Mississippi Valley State University and the Mississippi School for Mathematics and Science.
Jon Ross Myers is the executive editor and publisher of the Mississippi News Network, Mississippi's largest digital only media company. He can be reached at editor@tippahnews.com
