{"id":38015,"date":"2026-05-09T02:12:13","date_gmt":"2026-05-09T02:12:13","guid":{"rendered":"https:\/\/www.europesays.com\/canada\/38015\/"},"modified":"2026-05-09T02:12:13","modified_gmt":"2026-05-09T02:12:13","slug":"university-of-toronto-among-canadian-schools-targeted-in-widespread-cyberattack-on-canvas-system","status":"publish","type":"post","link":"https:\/\/www.europesays.com\/canada\/38015\/","title":{"rendered":"University of Toronto among Canadian schools targeted in widespread cyberattack on Canvas system"},"content":{"rendered":"<p><a style=\"display:block\" href=\"https:\/\/www.theglobeandmail.com\/resizer\/v2\/SVKCZRVFYZBWDESJMHM72EYYSE.JPG?auth=f6f36d3a903d792f6be1d7ab6a36f6bcb0d81fb05c4bc586e1e56f71af1b8eb4&amp;width=600&amp;height=400&amp;quality=80&amp;focal=2233%2C1882\" aria-haspopup=\"true\" data-photo-viewer-index=\"0\" rel=\"nofollow noopener\" target=\"_blank\">Open this photo in gallery:<\/a><\/p>\n<p class=\"figcap-text\">Simon Fraser University, University of Alberta and the University of British Columbia are among Canadian schools affected by a hack that potentially impacted more than 8,000 institutions around the world.Isabella Falsetti\/The Globe and Mail<\/p>\n<p class=\"c-article-body__text text-pr-5\">A massive cyberattack hit several major Canadian universities this week as hackers demanded ransom payments and threatened to release student data.<\/p>\n<p class=\"c-article-body__text text-pr-5\">The University of Toronto, the University of British Columbia and the University of Alberta are among the largest Canadian schools affected by a hack that potentially touched more than 8,000 institutions around the world.<\/p>\n<p class=\"c-article-body__text text-pr-5\">The hack locked up the Canvas learning management system, made by a company called Instructure and used by thousands of schools to organize courses and handle communication between students and instructors. <\/p>\n<p class=\"c-article-body__text text-pr-5\">On Thursday, when students at the University of Toronto and elsewhere logged on to Canvas they saw a message from a hacking group that calls itself ShinyHunters. It had breached the company\u2019s site, the group said, and appealed to the affected schools directly, asking they contact a cyber advisory firm to negotiate a ransom, giving a deadline of May 12. If not, they threatened to leak the stolen data.<\/p>\n<p class=\"c-article-body__text text-pr-5\">Instructure said in a statement on its website Friday that the incident is contained and that Canvas is again available online. But some of the Canadian schools involved, such as UBC, U of A and the U of T, said Friday that their sites were not available.<\/p>\n<p class=\"c-article-body__text text-pr-5\">\u201cWe are currently advising UBC community members not to attempt to log into Canvas until further notice,\u201d said Thandi Fletcher, a spokesperson for UBC. \u201cWe also recommend that faculty, staff, and students continue to be vigilant against phishing and follow best practices for protecting their accounts and data, including using strong passwords and enabling multi-factor authentication where available.\u201d <\/p>\n<p class=\"c-article-body__text text-pr-5\">David Shipley, CEO of Beauceron Security and a former cyber security lead at the University of New Brunswick, said the scale of the attack is massive.<\/p>\n<p class=\"c-article-body__text text-pr-5\">\u201cAs far as I can tell, and my pastime is tracking a lot of these data breach statistics, this is the largest to affect the education sector,\u201d Mr. Shipley said.<\/p>\n<p class=\"c-article-body__text text-pr-5\">He said it\u2019s hard to say at this point what data the hackers may have taken, because what\u2019s available depends on how schools use the software and what kinds of information is shared on the platform. But it could range from grades, to coursework or messages between instructors and students, he said.<\/p>\n<p class=\"c-article-body__text text-pr-5\">\u201cIf you\u2019re a student and you\u2019ve lost your GPA, that\u2019s relatively trivial. The risk is if passwords were actually somehow accessed,\u201c he said. \u201dBecause what will happen is that password files, if any were exposed, would get traded and then used in AI-automated attacks to try and break into everything associated with your email.\u201d<\/p>\n<p class=\"c-article-body__text text-pr-5\">He said it\u2019s too soon to judge how damaging the attack has been. It could take quite some time before institutions have a handle on what has been lost. Other schools affected include Ontario Tech University, Simon Fraser University and the Ontario College of Art and Design University.<\/p>\n<p class=\"c-article-body__text text-pr-5\">\u201cThis is going to put extraordinarily high strain on the higher ed sector in Canada. They don\u2019t have large security teams. They don\u2019t have large data privacy teams. They\u2019re going to be swimming in this, and it\u2019s not even their fault,\u201d Mr. Shipley said.<\/p>\n<p class=\"c-article-body__text text-pr-5\">Instructure said it was first aware of an attack on April 29. On Thursday, the company discovered additional activity stemming from the same attack and took the site offline.<\/p>\n<p class=\"c-article-body__text text-pr-5\">The company said the April 29 incident involved personal information such as names, email addresses, student ID numbers, and messages between users on the platform.<\/p>\n<p class=\"c-article-body__text text-pr-5\">\u201cWe have found no evidence that passwords, dates of birth, government identifiers, or financial information were involved,\u201d Instructure said, in a note on its website.<\/p>\n<p class=\"c-article-body__text text-pr-5\">Mr. Shipley said the hacking group that has claimed responsibility is notorious for its ransomware attacks on major corporations.<\/p>\n<p class=\"c-article-body__text text-pr-5\">\u201cThese guys are the top of the cyber crime, non nation-state headaches,\u201d he said. \u201cThey\u2019re being chased right now by every law enforcement heavy you can imagine. The FBI wants these guys so bad.\u201d<\/p>\n<p class=\"c-article-body__text text-pr-5\">Ian Linkletter, an emerging technology and open education librarian at the British Columbia Institute of Technology, which was not affected, said a cyber attack on this scale highlights the reliance that many schools have on third-party software providers, in this case based in the U.S.<\/p>\n<p class=\"c-article-body__text text-pr-5\">\u201cThis is an opportunity to assess how our safeguards failed,\u201d Mr. Linkletter said.<\/p>\n","protected":false},"excerpt":{"rendered":"Open this photo in gallery: Simon Fraser University, University of Alberta and the University of British Columbia are&hellip;\n","protected":false},"author":2,"featured_media":38016,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[164,224,238,214,212,239,17,211,230,231,227,213,210,235,171,234,143,222,249,215,216,229,225,226,219,240,220,244,245,247,242,246,94,243,217,142,233,113,232,241,223,236,237,228,221,218,248],"class_list":{"0":"post-38015","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-canada","8":"tag-alberta","9":"tag-arts-news","10":"tag-bc","11":"tag-breaking-news","12":"tag-breaking-news-video","13":"tag-british-columbia","14":"tag-canada","15":"tag-canada-news","16":"tag-canada-sports","17":"tag-canada-sports-news","18":"tag-canada-trafficcanada-weather","19":"tag-canadian-breaking-news","20":"tag-canadian-news","21":"tag-economy","22":"tag-education","23":"tag-environment","24":"tag-federal-government","25":"tag-foreign-news","26":"tag-globe-and-mail","27":"tag-globe-and-mail-breaking-news","28":"tag-globe-and-mail-canada-news","29":"tag-government","30":"tag-life-news","31":"tag-lifestyle","32":"tag-local-news","33":"tag-manitoba","34":"tag-national-news","35":"tag-new-brunswick","36":"tag-newfoundland-and-labrador","37":"tag-northwest-territories","38":"tag-nova-scotia","39":"tag-nunavut","40":"tag-ontario","41":"tag-pei","42":"tag-photos","43":"tag-political-news","44":"tag-political-opinion","45":"tag-politics","46":"tag-politics-news","47":"tag-quebec","48":"tag-sports-news","49":"tag-technology","50":"tag-travel","51":"tag-trudeau","52":"tag-us-news","53":"tag-world-news","54":"tag-yukon"},"_links":{"self":[{"href":"https:\/\/www.europesays.com\/canada\/wp-json\/wp\/v2\/posts\/38015","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.europesays.com\/canada\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.europesays.com\/canada\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/canada\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/canada\/wp-json\/wp\/v2\/comments?post=38015"}],"version-history":[{"count":0,"href":"https:\/\/www.europesays.com\/canada\/wp-json\/wp\/v2\/posts\/38015\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/canada\/wp-json\/wp\/v2\/media\/38016"}],"wp:attachment":[{"href":"https:\/\/www.europesays.com\/canada\/wp-json\/wp\/v2\/media?parent=38015"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.europesays.com\/canada\/wp-json\/wp\/v2\/categories?post=38015"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.europesays.com\/canada\/wp-json\/wp\/v2\/tags?post=38015"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}