Cyberattack hits University of Minnesota's Canvas learning system, some final exams postponed

A cyberattack is disrupting thousands of schools, including the University of Minnesota, as students cram for finals.

Hackers knocked out a system called Canvas. Students use the software for studying, exams, and submitting papers. It's back online Friday, but the damage was done.

Finals schedules were thrown off at the University of Minnesota campus. Exams scheduled for Friday were postponed.

Sophomore Maddie Koltes and her classmates couldn't access any of the class lectures and other study material in Canvas Thursday during the cyberattack.

Instead, they saw a ransom note from Shinyhunters, the group taking credit for the attack, when they tried to log on.

The software was back up and running late Thursday night. Students at the university didn't get access until Friday morning while the university tried to ensure it was stable for usage.

While some students might find relief in getting extra time to prepare, Koltes wanted to get her exam done.

"I know that (the exam) can't be Sunday and the last day of finals is next Wednesday. So, it gives kind of a tight window in that time, and I have other finals on other days next week as well," she said.

In the ransom note, Shinyhunters said it obtained data from the schools and threatened to leak it unless a settlement was paid by Instructure, Canvas' parent company. The deadline is May 12.  About 9,000 schools were affected ranging from elementary schools to colleges.

Cybersecurity experts told WCCO that learning systems like Canvas are targeted because they carry a trove of personal information.

"Often when you think of students and children that are being enrolled in school systems, you not only have their information, but you typically also have their parent's information. You typically also have their parent's financial information," said Nabil Hannan, the Field Chief Information Security Officer for NetSPI.

University of Minnesota officials recognize the concern, saying in a statement that their "primary focus remains the security of our community's data."

Hannan said the data potentially extracted from the breach might not be utilized for several years given that the victims in this case are children and young adults.

"If a kindergartner's data got exposed, chances are it'll be 10, 12, 13 years before that's actually used to do something like get a loan in their name," he said.

University of Minnesota officials released an updated statement on the cyberattack Friday:

"On May 7, Instructure notified the University of technical issues requiring Canvas to be taken offline. As a precautionary measure, the University also suspended system access. While Instructure has since restored service, our administrators are currently verifying the platform's stability. We expect to restore full access to the University community early this afternoon.

We recognize the significant disruption this has caused for students and faculty, particularly as the semester concludes. Our primary focus remains the security of our community's data, and we continue to monitor the situation closely."