SINGAPORE: The Cyber Security Agency of Singapore (CSA) said on Friday (May 8) that it had contacted affected organisations to provide support and guidance on mitigation steps, after education platform Canvas was hit by a cyberattack.
Canvas, used by schools, colleges and universities for grades and course materials, and owned by US edtech company Instructure, went down on Thursday, blocking student access.
“We have reached out to affected organisations to offer assistance and provide advice on mitigation measures,” said CSA, adding that it was “monitoring the situation”.
The Singapore Institute of Management (SIM), in response to CNA’s queries, confirmed it was affected by the Canvas breach, causing “inconvenience and concern” to its students and faculty.
“We are aware of the ongoing disruption affecting access to the Canvas learning platform, which is impacting academic institutions globally,” SIM said.
“The incident occurred within the environment of Instructure, and we understand the inconvenience and concern this has caused our students and faculty.”
In the meantime, SIM said it will put in place temporary arrangements. These include sending of Zoom lesson links directly to students, while deadlines for quizzes and assignments due during this period may be extended.
SIM added that keeping classes running and protecting its community’s information remained its top priorities.
CNA has contacted the Singapore University of Social Sciences (SUSS), NTUC Learning Hub, the National University of Singapore (NUS) and Kaplan to ask if they have been similarly affected by Canvas breach.
In a statement on its website, Instructure confirmed on Friday that the system was “fully back online and available for use”.
The company said it first detected “unauthorised activity” in Canvas on Apr 29, prompting an investigation and the hiring of outside forensic experts.
“On May 7, 2026, we identified additional unauthorised activity tied to the same incident. The unauthorised actor made changes to the pages that appeared when some students and teachers were logged in through Canvas,” it added.
“Out of caution, we temporarily took Canvas offline into maintenance mode to contain the activity, investigate, and apply additional safeguards.”
Instructure said the Apr 29 incident resulted in a data leak involving certain users’ personal information at affected organisations, including names, email addresses, student identification (ID) numbers and messages between Canvas users.
“We have found no evidence that passwords, dates of birth, government identifiers, or financial information were involved.”
The firm has since taken steps to enhance cybersecurity, including temporarily shutting down its Free-for-Teacher accounts after linking them to the incident, and revoking “privileged credentials and access tokens”, among other measures.
Instructure added it had alerted US law enforcement, including the Federal Bureau of Investigation (FBI), over the incident and would continue to monitor the situation closely.
The hacking group named ShinyHunters claimed responsibility for the breach at Canvas, said Luke Connolly, a threat analyst at cybersecurity firm Emsisoft,
Connolly described ShinyHunters as a loose affiliation of teenagers and young adults based in the US and the United Kingdom.
The group also has been tied to other attacks, including one aimed at Live Nation’s Ticketmaster subsidiary.
