How to Protect Your Academic Records and Navigate Finals Amid a Learning Platform Cyberattack

Introduction

When a cyberattack strikes a widely used learning platform like Canvas during final exams, it can throw students and educators into chaos. In April 2025, the ShinyHunters ransomware group breached Canvas, operated by Instructure, affecting potentially 275 million users across 8,800 schools. The incident temporarily took the platform offline, disrupted finals, and exposed names, emails, student IDs, and internal messages. While passwords and financial data were not compromised, the event highlights the urgent need for a clear response plan. This guide walks you through the essential steps to safeguard your academic data and maintain calm when a learning platform is hacked.

What You Need

• Access to your Canvas account (or any affected learning management system)
• A reliable internet connection
• Your school-issued email address and personal contact email
• An unofficial transcript or grade backup (saved locally or printed)
• Contact information for your institution’s IT support or help desk
• A password manager (recommended for strong, unique passwords)
• Two-factor authentication (2FA) app or hardware token

Step-by-Step Guide

Step 1: Understand the Threat and Your Risk

Begin by gathering accurate information. The ShinyHunters group claimed responsibility for the Canvas breach, accessing names, email addresses, student ID numbers, and messages. They did not obtain passwords, birth dates, Social Security numbers, or financial data. However, the exposed data can be used for targeted phishing or identity theft. Visit your institution’s official website or follow their verified social media accounts for updates. Do not rely on rumors or third-party posts.

Step 2: Secure Your Account Immediately

As soon as you learn of a breach, change your Canvas password and any other account using the same or similar credentials. Use a strong, unique password of at least 12 characters with a mix of letters, numbers, and symbols. Enable two-factor authentication (2FA) if you haven’t already—this adds an extra layer even if your password is exposed. If Canvas offers a recovery email or phone number, confirm they are up to date.

Step 3: Check for Breach Notifications and Monitor Your Accounts

Check your email inbox (including spam folder) for any notifications from Canvas or your school. The breach data included student IDs and email addresses, so you may receive phishing attempts posing as official messages. Do not click on links or download attachments from unsolicited messages. Use a trusted source like your school’s IT portal to verify alerts. Also monitor your bank, credit card, and other online accounts for suspicious activity.

Step 4: Contact Your Institution’s IT Department

Reach out to your school’s tech support via phone, email, or in-person help desk. Ask specific questions: “Has my Canvas data been confirmed as accessed? Are finals being rescheduled or moved offline? What additional security measures have been implemented?” Many schools will provide guidance on how to handle compromised credentials and may offer free credit monitoring services. Keep a record of your conversation for reference.

Step 5: Backup Essential Course Materials Offline

If Canvas remains unstable or you fear data loss, download your important files: syllabus, assignment instructions, grades, and any submitted work. Save them to a local drive, a USB stick, or a cloud storage service you trust (e.g., Google Drive or Dropbox) that uses strong encryption. For finals, print hard copies of your notes or exam schedules in case the platform goes down again.

Step 6: Prepare for Alternative Exam Methods

After a major cyberattack, many schools revert to offline exams or postpone finals. Check your institution’s announcements for updated test plans. If you must take an online exam on Canvas after the restoration, ensure your device has the latest security updates and that you’re connecting via a secure Wi‑Fi network (avoid public hotspots). Have a backup plan, such as a secondary device or a friend’s computer, in case your primary device fails.

Step 7: Stay Vigilant Against Phishing and Scams

Breach data like student emails and class year information are perfect for crafting convincing phishing emails. Watch for messages that claim to be from Canvas support, your professor, or the IT department asking you to “verify” your account or click a link. Look for red flags: poor grammar, generic greetings, urgent language, or mismatched email addresses. Report any suspicious messages to your IT department immediately.

Step 8: Review Your Privacy Settings on Canvas

Even after the immediate crisis, take a few minutes to audit your privacy settings in Canvas. Under your account settings, review what information is visible to classmates and instructors. Restrict your profile to only necessary data. If your school allows, consider using a pseudonym or hiding your email address from the public directory. Reducing your digital footprint can limit the impact of future breaches.

Tips

• Use a password manager to generate and store unique passwords for every platform—never reuse passwords across academic and personal accounts.
• Enable 2FA everywhere, not just on Canvas. It’s your best defense against credential theft.
• Back up your work regularly, especially before finals. Save copies of assignments, grade reports, and communications with professors.
• Stay calm and informed. Rushing to change passwords or click links can lead to more mistakes. Follow official channels and take one step at a time.
• Consider identity theft protection services if your school offers them after a breach, or sign up for a free credit monitoring service like Credit Karma or IdentityForce.
• Keep your software updated on all devices—browsers, operating systems, and antivirus—to reduce vulnerability to malware that may accompany phishing attacks.
• Talk to your professors about additional flexibility. Many educators understand the stress and may offer extra time or alternative assignments after a platform outage.

Finally, remember that you are not alone. The ShinyHunters incident affected millions of students across the U.S. Your school’s IT team is working to secure the system, and by following these steps, you can take control of your own data security and focus on what truly matters: finishing your finals strong.