Canvas, one of the world’s largest education platforms, has been hit by a huge data breach just as remote learning cements itself in Australia. A hacking group called ShinyHunters claims responsibility for stealing 275 million student records from elite universities and private schools using the app. The attack lands at a sensitive moment, undermining confidence in digital education tools that now sit at the core of everyday student life.
Canvas became a critical backbone for education during the pandemic when universities rapidly pushed lectures, exams and assignments online. The hack disrupted the final weeks of first semester and led to the theft of about 3.65 terabytes of data from 8809 educational institutions worldwide. At least 122 Australian providers are caught up in the breach, affecting hundreds of thousands of local students who rely on Canvas for assessments and communication.
Investigators say the scale of the theft shows deep security weaknesses across education systems that rushed online. Canvas hosts everything from assignment submissions to exam papers and messages between students and teaching staff, making it a rich target for cybercriminals. The breach indicates many universities and private schools have not upgraded their cybersecurity measures at the same pace as their digital teaching tools.
Student use of Canvas remains high even as campuses reopen, reflecting a lasting shift in education preferences since lockdowns. Some leaders, including senior state figures, argue more students should be pushed back into on-campus study, claiming the dominance of online platforms has diluted the quality of education. The Canvas hack is now a central example in debates over how far universities should rely on remote learning.
