Canvas, an educational platform used by thousands of schools globally, including local universities, was shut down by a group of hackers who are threatening to release students’ data if the company or its clients don’t pay their ransom.

Twice this month, a group called ShinyHunters launched cyberattacks on Canvas, a cloud-based platform for classrooms run by Salt Lake City-based company Instructure, as CNN reports. The first attack reportedly occurred on May 1, which the company resolved over the next few days with security patches.

After the second attack on Thursday, students from almost 9,000 schools across the world tried to log onto their school's platforms and were met with a note from the hackers declaring the data of 275 million individuals had been breached, including private messages, according to KQED. The group said it would release the students’ information if it didn’t receive its ransom by May 12.

The California State University system posted updates about the incident, noting that the platform was down for about 20-30 minutes on May 4. The following day, CSU received a message from Instructure informing them that the group had breached the system and accessed usernames, email addresses, and student ID numbers in late April.

The company reportedly told its clients that “there is no evidence that passwords, Social Security numbers, financial information, or other highly sensitive data were compromised.”

In addition to the CSU and University of California systems, other local universities that utilize Canvas include Stanford University and Peralta Community College District. Per CNN, Columbia University, Rutgers, Princeton, Kent State, Harvard, and Georgetown are also clients. Students were warned not to click on any links on the website during the attack.

A report page on Instructure’s site said the platform was in maintenance mode Thursday.

Image: San Francisco State University's Student Center; Briantrejo/Wikimedia