The University of Alberta has become one of more than 9,000 institutions worldwide affected by a significant global cyber attack targeting the company behind a widely used learning management system. The attack specifically targeted Instructure, the owner of Canvas, which serves as the university's primary online learning platform.
Details of the Incident
The university received notification on Thursday that some of its data had been compromised as a result of the attack on Instructure. Users of Canvas reported encountering unauthorized messages while attempting to access the system, which was subsequently taken offline for several hours to contain the breach.
Hacker group ShinyHunters has claimed responsibility for the attack. This group has been linked to numerous other cyberattacks in recent years, raising concerns about the scale and potential impact of this incident.
University Response
In an official statement, the University of Alberta confirmed that it is actively collaborating with the vendor to gather more information about the breach. The university has advised all users to refrain from using Canvas until further notice, as investigations continue.
“The university is awaiting further details from Instructure regarding the scope of the impact on U of A data, including the volume and types of information involved,” the statement read. Officials emphasized that sensitive information such as dates of birth and financial data is not stored in Canvas and is therefore not at risk from this attack.
Background on Canvas Usage
The University of Alberta has been using Canvas since Fall 2024. The platform is a web-based system designed to assist educators in managing their courses, serving as a central hub where students can access course materials, submit assignments, view their grades, and communicate with instructors. The disruption has caused uncertainty among students and faculty regarding access to course content and deadlines.
Authorities are working diligently to resolve the issue and restore normal operations. Further updates are expected as more information becomes available from Instructure and cybersecurity teams.
