A cyberattack hit universities worldwide, including top Canadian schools. Here's what we know

Posted on: May 09, 2026 13:30 IST | Posted by: Cbc

Thousands of schools around the globe, including in Canada, have been hit by a massive cybersecurity incident involving Canvas, an online learning-management system that connects millions of students with their instructors.

Post-secondary institutions including the University of Toronto, University of British Columbia, the University of Alberta and Western University's Ivey Business School are among the affected Canvas users.

Here's what we know about the breach.

At universities, colleges and some K-12 schools, instructors use Canvas to share a wide range of material with students, from course notes and assignments to media and exams. They can also use it to communicate and share grades or other updates.

So, the data involved may include full names, email addresses, student numbers and personal messages, according to Instructure, the makers of Canvas.

The company said it detected unauthorized activity on April 29, accessed through a particular type of teacher account. Though the company revoked that access, it took the platform offline to investigate on Thursday when additional activity was detected.

Instructure said it has not found evidence that passwords, financial information or government-issued identification details have been compromised.

The breach is "very concerning," said Luke Connolly, an Ottawa threat intelligence analyst at cybersecurity firm Emsisoft, since "there's all sorts of ways that the information can be put to bad use."

From a hacker's perspective, schools are an ideal target since students are "at the very beginning of their financial journey," without major loans or debts, said Robert Falzon, Check Point Software's head of engineering for Canada.

Given the multiple breaches across different sectors and services providers in recent years, he said information from this Canvas incident could be combined with data leaked elsewhere to build profiles for creating false identities.

"Those identities in turn can be used to look for loans or take out mortgages or ... in various different types of financial crime," Falzon said.

And in some cases, he said it could take someone "years to discover that they've been victimized this way."

A hacker group called ShinyHunters has claimed responsibility for the cyberattack, which it claims has compromised the personal info of 275 million people, including students, teachers and school staff.

The group, which has previously been tied to breaches at Ticketmaster and Google's Salesforce database, has threatened to publicly release the stolen data unless paid an undisclosed sum as a "settlement."

With many U.S. colleges in the midst of finals, a flurry of students shared via TikTok the ShinyHunters missive that greeted them Thursday as they tried to log into Canvas.

In Canada, where many universities just wrapped the spring exam period, some students shared their confusion over the incident — like logging in before noticing a school email about the breach urging them not to.

"I kind of logged in [automatically] this morning," said Deborah Elezaj, an undergrad studying at the University of Toronto. "Now we're being told to change our passwords."

Having personal info leaked is "a nerve-wracking thought," said her classmate Emily Saso.

Some of the affected schools have suspended or discouraged use of Canvas (as at U of A, UBC and U of T), while others have returned to using the since-restored platform. Most have sent messages advising people to be wary of suspicious emails.

"We recommend that faculty, staff and students remain vigilant against phishing emails," U of T posted online Friday afternoon.

"Remember, the university will never ask you to bypass your multi-factor authentication. If you receive an email requesting MFA bypass codes, please report it."

The institutions are victims in "an awful bind," said David Shipley, CEO of Beauceron Security in Fredericton.

"This is a company they depend on to deliver services that they could not afford to do or deliver themselves digitally."

Connolly is wary about any schools considering paying a ransom for the data — a move he says fuels a domino effect. "It encourages the criminals to continue to look for new victims," he said, "and the payments actually fund their development of new techniques" to exploit others.

Cybersecurity "is everybody's problem," said Falzon.

Schools "have a responsibility to make sure that they are using the best tools possible, that they are following protocols ... and to protect the students that are using those services," he said.

Meanwhile, third-party vendors "have an obligation and responsibility to make sure the services they are providing are safe and secure."

It's not enough to have cybersecurity audits every once in a while, with breaches "happening on a daily basis now," Falzon said.

"We need to start thinking very seriously about shortening those cycles and ... making sure we're engaging the community and our partners for awareness, so that everybody understands what the risks to them are, and how they can be a part of the solution."

Meanwhile, Shipley wants to see stronger federal privacy laws and "meaningful consequences" for companies involved in breaches, similar to the hefty fines firms can face in Europe.

"Companies that actually face these kinds of sanctions up front, they will risk manage better," he said. "Absent consequences, profit-oriented private companies are going to make money. They’re not going to spend on security."

Students and staff face a tricky situation since they don't typically have a say about vendors their schools pick, nor can they easily opt out of using them, Falzon said.

However, he does recommend changing passwords regularly, switching on multi-factor authentication if you haven't already and informing your bank if you're part of a breach, plus signing up for credit monitoring.

Folks should also reconsider how much personal info they're sharing on social media, he said, such as, "where you live, courses you're taking, things like that."
