Columbia University and Stanford University experienced significant online disruptions Thursday following a cybersecurity incident affecting Canvas, the learning management platform used by hundreds of colleges nationwide.
Canvas, which serves as a central hub for course materials, assignments, and student-instructor communication, went offline for multiple institutions across the United States. The outage prevented students from accessing coursework and submitting assignments during peak academic hours.
Columbia and Stanford confirmed the service disruptions affected their campuses, with Canvas administrators acknowledging the security incident as the root cause. The platform's parent company, Instructure, did not immediately provide specific details about the nature of the cyber threat or its scope.
The outage highlighted the dependence of American higher education on centralized digital platforms. With thousands of students unable to access course materials, some universities advised instructors to delay assignment deadlines and exams until service restoration.
Instructure, which operates Canvas as its primary learning platform, has not disclosed whether the incident involved data theft, ransomware, or other attack vectors. The company's incident response team worked to restore service throughout Thursday evening.
Canvas serves approximately 30 million users globally, making it one of the most widely adopted learning management systems in higher education. The platform handles sensitive information including student grades, personal data, and institutional course content.
Other universities using Canvas reported similar disruptions, though service began returning to normal by Thursday night. Instructure recommended institutions verify their security settings and monitor for unauthorized access once systems came back online.
The incident underscores ongoing cybersecurity challenges facing educational institutions, which have faced increased attacks in recent years targeting both student data and operational systems.
The FBI is alerting the public to fraudulent websites impersonating FIFA ahead of the 2026 World Cup. The scam sites aim to steal personal and financial data, sell counterfeit tickets and hospitality packages, and execute related fraud schemes.
A newly discovered Windows zero-day vulnerability called LegacyHive allows attackers to escalate privileges on fully updated systems. The exploit was released by security researcher Nightmare Eclipse.
A new Android remote access trojan called BTMOB is being offered as a service to cybercriminals, complete with a builder interface for generating tailored malware payloads designed for phishing campaigns.
U.S. prosecutors charged a New York man and woman Thursday for laundering money stolen through cyber investment fraud scams. The charges mark a significant enforcement action against a large-scale criminal operation.