Canvas, a learning management platformused by thousands of schools and universities, was down forhours on May 7 after a cyberattack, disrupting access to grades and coursework during spring finals season for many.
Colleges and universities across the United States, including theUniversity of Michigan,Harvard University, andPennsylvania State University, disclosed on May 7 that Canvas had reported a security incident and was experiencing an outage. The incident disrupted classes, coursework and exams.
Hacking group ShinyHunters claimed responsibility for the alleged breach at Instructure, the company that owns Canvas, according toThe New York TimesandCNN. The group claimed that nearly 9,000 schools worldwide were affected, and that the data of 275 million individuals — including students, teachers and other staff — was stolen. ShinyHunters gave affected schools a deadline of May 12 "to negotiate a settlement," according to CNN, and told Instructure to "pay or leak."
As of May 8,Instructure said it found no evidencethat "passwords, dates of birth, government identifiers, or financial information" were involved in the data breach. However, it said "names, email addresses, student ID numbers, and messages among Canvas users" were accessed.
Is Canvas back up?
On May 8, Canvas wasagain available for most users, according to astatus update on operator Instructure’s website. Additionally, Instructure said that "Canvas is fully back online and available for use" on a different page. Instructure says it contacted impacted organizations on May 5, and that students, parents and employees at affected schools should take whatever action is suggested by their individual institutions.
Advertisement
"In the meantime, it is always a good practice to be cautious of unexpected emails or messages referencing this incident, avoid clicking suspicious links, and report anything unusual to your school or institution’s IT or security team," Instructure's website states.
Earlier, the company said Canvas and other related sites had been placed "in maintenance mode" and it was "investigating an issue where some users are having difficulties logging into Student ePortfolios."
A blog postby cybersecurity company Malwarebytes recommends several additional actions for those at affected institutions, including changing the passwords for accounts that shared them with Canvas accounts, remaining alert for follow-up phishing scams and turning on multi-factor authentification where possible.
Sarah Perkel is a South Florida Connect Reporter for the USA TODAY Network's Florida Connect team. You can get all of Florida’s best content directly in your inbox each weekday day by signing up for the free newsletter,Florida TODAY.
This article originally appeared on USA TODAY:What happened in the data breach that took Canvas offline
