Canvas is back online, but questions — and final exam disruptions — linger

Canvas, the learning management system used by roughly half of North America's higher education institutions, came back online after a ransomware attack, but dozens of universities are keeping students and staff off the platform while security concerns persist.

The breach occurred when a ransomware group claimed responsibility for accessing Canvas data. The company worked to restore service, yet many institutions took a cautious approach. Some schools issued explicit warnings against logging in immediately after systems came back up, citing unresolved security risks and the need for additional verification that the platform was fully secure.

The timing created acute disruptions for students facing final exams. Multiple universities had to delay or reschedule assessments that depend on Canvas for administration and proctoring. Instructors scrambled to find alternatives for submitting grades, distributing exam materials, and communicating with classes. Some institutions moved exams to paper formats or alternative platforms on short notice, creating logistical chaos during the most critical academic period of the semester.

Canvas serves institutions ranging from community colleges to major research universities. The platform handles course management, assignment submission, grade tracking, and increasingly, remote exam administration. Its widespread adoption means a single breach affects millions of students and thousands of institutions simultaneously.

Security researchers and higher education IT directors raised questions about Canvas' security protocols and what safeguards failed. The company had not publicly confirmed the full scope of compromised data or whether student records, passwords, or institutional information were exposed. Universities demanded transparency about what was accessed and what steps Canvas was taking to prevent future incidents.

For students, the disruption extended beyond missed exams. Course access interruptions meant students could not review materials, submit assignments, or track grades during a high-stress period. Some students found themselves locked out of their coursework with no clear timeline for restoration.

Higher education institutions began reviewing backup contracts and contingency plans with their learning management system vendors. The incident raised broader questions about dependence on single