Chaos erupts as cyberattack disrupts learning platform Canvas amid finals

Chaos erupts as cyberattack disrupts learning platform Canvas amid finals

Briefly

"Canvas parent company Instructure said that as of Friday morning, the platform was back online. Instructure said it temporarily took Canvas offline on Thursday after identifying unauthorized activity in its network. The threat actor was the same one responsible for a data breach that Instructure disclosed a week ago. Data accessed included user names, email addresses, student ID numbers, and messages exchanged on the platform. The company said it has no indication that passwords, dates of birth, government identifiers, or financial information were involved."

"As students were trying to prepare for and take final exams Thursday, Canvas login pages displayed a ransom demand. It said Instructure had rebuffed the group's earlier demands and encouraged individual schools to negotiate directly with them. The note and the outage sent schools and colleges scrambling. The University of Illinois reportedly postponed all final exams and assignments scheduled for Friday, Saturday, and Sunday. The University of Massachusetts Dartmouth rescheduled or extended due dates for exams."

"A ransomware group known as ShinyHunters claimed responsibility for the breach on its dark web site. It claimed the data it took came from 275 million people associated with 8,800 schools. Canvas login pages displayed a ransom demand as students tried to prepare for and take final exams. The disruption led universities to adjust schedules and deadlines."

"Canvas isn't the only learning platform to be struck by a cyberattack. Last year, PowerSchool, a firm that provides cloud-based software to 60 million students from 16,000 K-12 schools worldwide, disclosed a breach that exposed years' worth of sensitive data, including names, addresses, and disciplinary records. ShinyHunters has operated for years as a loose collective."