Canvas software hack disrupts education nationwide
While CCUSD uses the management software as part of its educational strategy, it was not one of the approximately 9,000 educational institutions impacted by this hack
This story is developing and will continue to be updated
Hackers have breached Canvas, an educational platform used by schools across the country — including those in the Culver City Unified School District — to threaten the theft of important data as part of a cyberattack aimed at blackmailing institutions into paying to protect themselves.
The hack was carried out by ShinyHunters, a hacker group that has previously targeted education infrastructure. The group breached Instructure, the company that runs Canvas, and affected users initially saw a message from the hacker group when they attempted to log in. Canvas is the learning management system used by CCUSD, and students’ ability to complete assignments or take tests can be compromised when it is inaccessible.
An estimated 275 million students and teachers at approximately 9,000 educational institutions were affected, and the impact goes beyond preventing students and teachers from using the platform. Data potentially breached includes names and student ID numbers, and private messages sent on the platform are also in this group's hands. Fortunately, the Culver City Unified School District has not been impacted by this breach.
“CCUSD reached out to Canvas immediately once we heard of this news, and learned that we were not impacted,” a statement from the District said.
News of the hack first surfaced at the University of Pennsylvania on Sunday, but no action was taken until Canvas was taken down this afternoon, preventing students and faculty at Penn and other educational institutions from accessing it. According to the message seen by users on Thursday, Instructure attempted to stave off the hack but apparently failed as ShinyHunters took control.
“ShinyHunters has breached Instructure (again),” the warning read. “Instead of contacting us to resolve it, they ignored us and did some ‘security patches.’”
Students across the country encountered the message when trying to access the site on Thursday. Similar to ransomware, the message demands a settlement payment to the group and threatens to release the personal information associated with Canvas should that payment not be made.
According to reporting from college news outlet The Daily Penn, the message was replaced with a notice that Canvas was undergoing maintenance around 1:20 p.m., and the service has yet to be restored at the time of publication.
The message states that impacted institutions have until the end of the day on Tuesday, May 12, to send payment to have their sensitive data returned and kept confidential. This group has a history of following through with their threats, having released a trove of data from Penn taken through a hack last October.
A list of approximately 9,000 institutions nationwide impacted by the hack — which includes several UC schools — was posted alongside the message Thursday.
According to the Daily Cal, which obtained the list of impacted institutions from ShinyHunters, multiple UC campuses — including Berkeley, UCLA, UC Davis, UC Irvine, and UC Riverside — are among the schools whose Canvas data and access have been compromised.
Comments ()