Cybersecurity breach impacting University of Minnesota, colleges across the country – ABC 6 News
Cybersecurity breach impacting University of Minnesota, colleges across the country – ABC 6 News
Publish Date: 2026-05-08 08:01:00
Source Domain: www.kaaltv.com
Using an unordered list, summarize the following article with between 4 and 8 key points.
A cybersecurity breach is affecting universities across the country, including the University of Minnesota and the University of Wisconsin.Instructure, the parent company of Canvas, which students at the U of M use for online learning and to submit assignments, is unavailable as of Thursday evening.An image that appears to be a message from a hacking group known as “Shinyhunters” is circulating online, in which the group takes responsibility for the hack and states that affected schools should “consult with a cyber advisory firm and contact us privately… to negotiate a settlement.”A spokesperson for the University of Minnesota issued the following statement, confirming the breach:“The University of Minnesota was notified by Instructure, a software and technology supplier of the University, of a cybersecurity incident affecting its clients worldwide. As of today, users are unable to access Instructure’s Canvas system, which is a cloud- and web-based learning management system for online courses, learning materials and communications. University administrators are awaiting updates from the vendor and taking additional measures to protect University information.”A spokesperson for the University of Wisconsin confirmed the school was also a part of the hack, saying, “At around 3 p.m. today, UW–Madison became aware we are part of a nationwide Canvas outage. We recognize this is occurring at a very challenging time during final exams and grading, and we’re committed to providing you with support and flexibility as we navigate this significant disruption. Multiple teams are working to address this issue.”The University of Wisconsin went on to tell students not to interact with any direction from Canvas this time, such as prompts to log on, click a link or reset your password.“Rather than target one institution, one victim, they can get many at once,” said Adam Marre, the chief information security officer for Arctic Wolf. “So in this case, this Canvas software is one that’s used by thousands of educational institutions across the country and therefore it’s a way for these attackers to get highly leveraged on the victim to get them to pay money, so there’s lots of different victims and they can get lots of information with one attack.”He explained users who may be affected by the attack should take extra care when opening messages.“They really need to watch out especially for social engineering attacks,” said Marre. “These are the types of attacks that come as emails, texts, direct messages that look innocuous, but they’re really someone trying to trick you, defraud you, do something to further this crime, and so what they want to do is create a sense of urgency to get you to not think, not pause and just act quickly.”He encourages users to pause before clicking messages or links, logging into the system without using the link, and making sure they always have multifactor authentication activated.“When attackers get this kind of information or the kind of information that may be involved in this attack, things like emails, names, maybe direct messages, it’s good to remember attackers don’t always use this right away,” said Marre. “Often they pause and wait sometimes even months before then using this in phishing attacks and other social engineering attacks.”He added, “We always need to be on guard when we’re online.”Canvas is used to manage grades, course notes, assignments, lecture videos and more. The hacking group posted online that nearly 9,000 schools worldwide were affected, with billions of private messages and other records accessed, said Luke Connolly, a threat analyst at the cybersecurity firm Emisoft.Rich in digitized data, the nation’s schools are prime targets for far-flung criminal hackers, who are assiduously locating and scooping up sensitive files that not long ago were committed to paper in locked cabinets. Past attacks have hit Minneapolis Public Schools and the Los Angeles Unified School District.Instructure has not posted about the attack on its social media.Connolly said the Canvas attack is strikingly similar to a breach at PowerSchool, which also offers learning management tools. In that case a Massachusetts college student was charged.Connolly described ShinyHunters as a loose affiliation of teenagers and young adults based in the U.S. and the United Kingdom. The group also has been tied to a other attacks, including one aimed at Live Nation’s Ticketmaster subsidiary.
For Related Stories: Cybersecurity Minnesota
