The University of Witwatersrand (Wits) has restored its learning management system, which had been compromised by hackers.
This was confirmed by Shirona Patel, communications manager at Wits University, in a phone call with ITWeb.
The confirmation comes after the ShinyHunters extortion group reportedly breached education technology company Instructure by exploiting a vulnerability to deface Canvas login portals used by hundreds of colleges and universities.
KNOW MORE
Cyber security professionals can join hundreds of industry peers at ITWeb Security Summit Cape Town 2026 and ITWeb Security Summit 2026 in Johannesburg, where expert speakers will explore how organisations can stay resilient in the face of AI-driven attacks and an increasingly complex threat landscape.
The defacements, which were visible for about 30 minutes before being removed, displayed a message claiming responsibility for the earlier Instructure breach and threatening to release stolen data unless a ransom is paid.
According to the message, Instructure and affected schools have until 12 May to make contact and negotiate, failing which student data could be leaked.
ShinyHunters is a notorious hacking and extortion group linked to several major global data breaches over the past few years. The group typically steals data from companies and threatens to leak it unless a ransom is paid.
Wits had an enrolment of 41 702 students as of 2025, and was recognised as the top-ranked university in Sub-Saharan Africa for innovation performance in the 2025 Global Innovation Index.
Instructure confirmed the security incident affecting its Canvas platform, after temporarily placing Canvas, Canvas Beta and Canvas Test into maintenance mode while investigating the issue.
In an update posted on its incident page, the company says Canvas had since been restored for most users, although Canvas Beta and Canvas Test remained in maintenance mode.
Earlier updates from Instructure indicated the company was actively investigating the incident before taking the platforms offline as a precautionary measure.
Patel said the university suffered downtime on its Ulwazi learning management system last night before it was restored today. “The learning management system was down overnight while the system was patched and tested.”
In a statement, the university says: “Please note that the Ulwazi learning management system is now back online, and that learning and teaching continues as scheduled. This follows a cyber security incident involving Instructure, the company that manages Canvas (Ulwazi).”
It notes that yesterday, Instructure informed Wits and other universities across the world of a data breach to its systems.
“This appears to be because of an attack by a cyber extortion group. It seems that approximately 8 800 education institutions worldwide are affected by this incident.
“Information that may have been compromised includes student/staff names, student/staff e-mail addresses, student/staff numbers and conversations contained within Canvas (Ulwazi) inboxes.”
According to Wits, forensic investigations are underway at Instructure and further details will be shared as information becomes available.
“We urge all students and Canvas users to be alert to unsolicited e-mails or messages appearing to come from Canvas or the university, particularly any requesting login credentials or personal information. Do not click on suspicious links or attempt to download any files associated with this incident.”
This is not the first time Wits has suffered a cyber incident. In October last year, the university confirmed its Oracle E-Business system had been hit by a cyber attack that compromised its system in multiple countries.
Share
