Canvas was back online Friday after a cyberattack disrupted schools and universities, forcing some students and instructors to adjust during finals.
Canvas, the learning platform used by thousands of schools and universities, was back online Friday for most users after a cyberattack forced the system offline and disrupted students and teachers during finals week.
Instructure, the company behind Canvas, said it took the platform offline after learning that hackers had “made changes to the pages that appeared when some students and teachers were logged in.” The company said the attackers exploited an issue tied to its Free-For-Teacher accounts and that those accounts were temporarily shut down as access to Canvas was restored.
“This gives us the confidence to restore access to Canvas, which is now fully back online and available for use,” Instructure said in a statement to CBS News. “We regret the inconvenience and concern this may have caused.”
The outage hit at a difficult point in the academic calendar, as students were preparing for final exams and trying to reach course materials, assignments, grades, lecture videos and other records housed inside Canvas. Teachers also had to find workarounds for students trying to study or submit final assignments.
Some schools adjusted schedules in response. The University of Texas at San Antonio pushed back finals scheduled for Friday, and Penn State told students that tests scheduled Thursday and Friday at its Pollock Testing Center were canceled.
Schools reporting effects included Penn State, the University of Wisconsin-Madison, Columbia University, Union College New Jersey, UCLA, Northwestern University, the University of Chicago, the University of Illinois Chicago and the University of Illinois. The student newspaper at Harvard also reported that Canvas was down there, and some public school districts sent reassurances to families. Officials in Spokane, Washington, said they were not aware of sensitive data contained in the breach.
Luke Connolly, a threat analyst at the cybersecurity firm Emisoft, said the hacking group ShinyHunters claimed responsibility for the breach at Instructure. Connolly said the group posted online that nearly 9,000 schools worldwide were affected and claimed that billions of private messages and other records had been accessed.
The full scope of any data exposure remained unclear from the material available Friday. Connolly said screenshots showed the group had threatened to leak data and set deadlines of Thursday and May 12, but by Friday Instructure and Canvas had been removed from a dedicated dark web leak site used by the ransomware group to publish stolen data.
The incident underscored how dependent schools have become on digital learning systems, particularly during exam periods, and how disruptive an attack can be even when service is restored quickly. Instructure’s next public updates will be important for schools and families trying to understand whether any personal or academic information was exposed.
Comments (0)