Schools and universities across the country are recovering from power outages I knocked the canvasan online platform that manages exams, course notes, lecture videos, and grades. The disruption is linked to a cyberattack that occurred in the middle of final exams for many colleges, a high-stress time when students and teachers rely heavily on the platform.
By late Thursday, Instructure, Canvas’s parent company, said the platform was Available again For most users.
Luke Connolly, a threat analyst at cybersecurity firm Emsisoft, said the hacking group ShinyHunters claimed responsibility for the hack. On Friday, Instructure and Canvas no longer appeared on the site where ShinyHunters lists its targets.
However, some schools continued to block students and teachers from accessing Canvas, citing extreme caution while assessing security threats.
Here’s what to know about the outage.
Schools and universities use Canvas to manage almost all aspects of teaching. The platform serves as a gradebook, a hub for digital lectures and study materials, a discussion board for classroom projects, and a messaging platform between students and teachers.
Some courses also offer tests and exams on the platform, or use it as a portal through which final projects and papers are submitted by the deadline.
ShinyHunters is a loose association of teenage and young adult hackers in the US and UK who have been linked to other large-scale cyberattacks, including an attack on Ticket managerConnolly said. On the page listing its goals, the group describes itself as “working to root your systems since 1919,” using a term for reaching the deepest layer of a computer system.
Earlier this week, ShinyHunters said nearly 9,000 schools and 275 million individuals’ data could be leaked if schools don’t pay the ransom by the May 6 deadline. The group then extended the deadline, suggesting that some schools had teamed up with them to negotiate.
In a statement posted on the ransomware website ShinyHunters, the group said it would not comment on the incident.
Schools and universities, rich with personally identifiable information about students, teachers and staff, have become prime targets for criminal hackers in ransomware attacks. Targets can be individual areas, e.g Minneapolis Public Schools or Los Angeles Unified School DistrictOr third-party vendor platforms like Canvas or PowerSchool that education systems increasingly rely on to manage timetables, courses, and exams.
Although most schools appear to have regained access to Canvas, disruptions around final exams will likely continue throughout the week.
The University of Massachusetts at Dartmouth said it will postpone exams scheduled for Friday and Saturday to ensure students have time to review course material that was not accessible during the closure.
The University of Illinois has postponed all exams that were scheduled to take Friday, Saturday, or Sunday for all classes, regardless of whether courses use Canvas.
Montgomery County Public Schools in Maryland continued to restrict access to Canvas on Friday, citing an abundance of caution “as we work to better understand the full impact of the incident and any potential vulnerabilities related to information associated with the platform.”
The data breach appears to include student ID numbers, email addresses, names and messages on the Canvas platform, Steve Proud, chief information security officer at Instructure, said in an update shared on May 2. He said the company found no evidence that passwords, dates of birth, government identification or financial information had been compromised.
Even as Canvas comes back online, cybersecurity experts are urging affected students and teachers to remain alert.
Other bad actors could attempt to capitalize on the effects of the breach through additional phishing attacks. Someone impersonating a school district, for example, could send a malicious message asking users to reset their Canvas password, warns Cliff Steinhauer, director of information security and engagement at the National Cybersecurity Alliance.
“Be very careful about any incoming messages,” Steinhauer said, especially if you are asked to take urgent action.
Experts stress that major breaches represent an important reminder for consumers to reconsider overall “cyber hygiene” best practices.
The basics include creating passwords that are difficult to guess, using Multi-factor authentication When possible and monitor online accounts for any suspicious activity. In addition to the Federal Trade Commission Notes Credit bureaus nationwide — such as Equifax, Experian and TransUnion — offer free credit freezes and fraud alerts that consumers can set up to help protect themselves from identity theft and other malicious attacks.
___
AP’s education coverage receives financial support from multiple private foundations. AP is solely responsible for all content. Search for access points Standards To work with charities, a existing From supporters and sponsored coverage areas at AP.org.