Wits Restores Learning Platform After Cyber Attack

Cyber‑extortion groups are increasingly targeting the education sector, and the recent ShinyHunters operation against Instructure’s Canvas platform is a stark reminder of that trend. By exploiting a previously unknown vulnerability, the attackers defaced login portals and threatened to leak data unless a ransom was paid. The breach quickly cascaded to more than 8,800 institutions, exposing names, email addresses, student IDs and private communications. For universities that rely on third‑party SaaS solutions, the incident illustrates how a single point of failure can jeopardize the privacy of millions of learners worldwide.

Wits University, South Africa’s top‑ranked institution in the 2025 Global Innovation Index, experienced a brief outage of its Ulwazi learning management system as it patched the compromised Canvas integration. With an enrolment of 41,702 students, the university’s swift restoration effort mitigated further disruption to teaching and learning. However, forensic analysis suggests that personal data of students and staff may have been accessed, prompting the university to issue a warning about phishing emails that could masquerade as official Canvas communications. This follows a prior cyber incident in October 2023 that hit Wits’ Oracle E‑Business system, indicating a pattern of repeated targeting.

The broader implication for higher‑education leaders is clear: reliance on external ed‑tech providers demands rigorous vendor risk management, continuous vulnerability scanning, and incident‑response planning. Institutions should enforce multi‑factor authentication, encrypt sensitive data at rest, and conduct regular security awareness training to reduce the success rate of phishing attacks. As cybercriminals refine their tactics, universities that invest in layered defenses and maintain transparent communication with stakeholders will be better positioned to protect academic integrity and maintain trust in digital learning environments.