Global cybersecurity attack hits educational platform, prompts alerts at Pa. colleges | Pennsylvania News
Publish Date: 2026-05-07 21:58:00
Source Domain: www.wfmz.com
Using an unordered list, summarize the following article with between 4 and 8 key points.
There are reports of a global cybersecurity incident involving Instructure, the vendor that provides Canvas, a learning management system that many colleges and universities use across the country.An IT worker at Penn State Wilkes‑Barre tells 69 News they were flooded with calls and support tickets after students reported seeing a ransom note appear on Canvas before being unable to access it. They say the system was breached once, the ransom note was removed, but Canvas remains down and there is little the campus IT department can do at this point. As a result, students will likely need accommodations and may have to take paper finals.According to an article written by The Daily Pennsylvanian, the May 7 data breach comes after ShinyHunters, a group notorious in the hacking community for large-scale data breaches, claimed responsibility for breaching Instructure.The article says in a message posted on the University of Pennsylvania’s Canvas page, the hackers wrote that any university that does not wish to have its data released should contact the group before May 12. At around 4:20 p.m., the ShinyHunters message was replaced by a message from Canvas that stated the platform was undergoing “scheduled maintenance”, The Daily Pennsylvanian says.The article goes on to say that ShinyHunters previously published a list of the nearly 9,000 institutions affected by the hack — including all eight Ivy League universities.According to an email obtained from a student at Penn State University, Instructure recently announced that it experienced a cybersecurity incident involving a criminal threat. The company said it is investigating the matter with the assistance of third-party forensic experts and is working to determine the scope and potential impact.Instructure says they have notified impacted institutions and believes the incident has been contained.Penn State University released a statement regarding the Canvas outage:“Given that we do not expect resolution to occur within the next 24 hours — and it could stretch beyond — tests and other assignments to be completed in Canvas will not be available. All tests scheduled to be administered in the Pollock Testing Center Thursday night and Friday have been canceled.”Penn State says IT and Information Security teams are actively monitoring Instructure’s Security Incident updates as they become available and are assessing any potential impact to the University’s systems and data, according to a release from the university. No one is able to access Canvas at this time.“We are in communication with the vendor and will take appropriate action if additional information indicates risk to Penn State users or systems,” the release reads. “At this time, the information available from Instructure indicates that no specific action is required. Nonetheless, we encourage you to exercise security awareness.”In the meantime, Penn State urges its students to be alert to unsolicited emails or messages appearing to come from Canvas or Penn State, particularly any requesting login credentials or personal information.Officials ask you report anything suspicious to [email protected] State encourages its students to use strong, unique passwords for Penn State accounts and be cautious of phishing attempts.York College of Pennsylvania also notified its students about the incident, sending an email outlining what the school knows so far. A student shared the email with 69 News.The college says they are among the institutions affected by the incident. Their investigation has determined that the attack started on April 25, 2026, and was detected and removed on April 29. Officials of the college say there is no indication of an ongoing threat.“While some personal information was obtained, as of today, investigators show no indication that passwords, birthdates, financial information, or Social Security numbers were involved,” the email reads.York College says they are waiting for specific data that will identify specific individuals and data elements that were affected by this incident.If there are any local students in the area who are experiencing this cybersecurity incident with Canvas, please let us know.
