The homepage of Instructure during the cyberattack on Thursday. LBCC and thousands of other schools lost access to Canvas due to a criminal hacker group called ShinyHunters (Chloe Hall)
A major cybersecurity breach involving Instructure, the platform for the Canvas Learning Management system, has disrupted over 9,000 schools and colleges across the United States on Thursday, raising concerns about the privacy protection of students’ and faculty information stored on the platform. As of Friday, LBCC has restored Canvas.
According to multiple reports, the attack is claimed by hacking group ShinyHunters and threatened to release stolen data unless a ransom was paid.
As of now, there is no specific ransom amount that has been confirmed in the Canvas LMS cyberattack. Insider Higher Ed reports that the hacking group ShinyHunters is open to negotiation with schools that are affected in order to “prevent[ing] the release of their data” before May 12.
The attack is also having a major effect on colleges, including Long Beach City College, where Canvas is heavily relied on daily for assignments, grades, announcements, and communication between professors and students.
On May 7, LBCC’s Information Technology Services sent a schoolwide email informing students and faculty about the incident and warning users not to interact with suspicious messages appearing on Canvas.
“Information Technology Services (ITS) is aware of the messages appearing when someone accesses Canvas. This is affecting all users of Canvas, not just users from LBCC.”
The email also clarified that the LBCC systems had not been directly compromised.
“Know that LBCC systems are unaffected by this incident, but we are taking precautions and will be blocking access to Canvas until this is resolved,” the message stated.
A student technology assistant at the Student Help Desk at LBCC, Michael Mizuguchi, was asked about the implications of the incident as soon as the site became inaccessible for schools impacted by the attack and what LBCC was advised to do about it at the moment.
“We don’t really have much control over it. Our IT team is currently working with Intruscture to find a solution. As far as I know, for students, going forward, treat it like every other day. Going forward there isn’t much advisement because as of right now, it’s a waiting game,” said Mizuguchi.
According to the UC Berkeley Information and Security Office, “The information that may have been involved includes names, email addresses, student ID numbers, and messages exchanged in Canvas/Courses. There is no evidence that passwords, birthdates, government IDs, or financial information were compromised, but this may change as the investigation progresses.”
As a precaution, LBCC temporarily removed access to Canvas LMS from its website while ITS monitored the situation.
A class cancellation posted at LBCC during the Canvas outage caused by a nationwide cybersecurity breach on Thursday. (Chloe Hall)
Some professors have begun adjusting coursework and communication methods while access to Canvas is limited.
Professor Patti Valella, an associate professor in Life Sciences, details the adjustments that she has to make on such short notice.
“I didn’t find out because I work late, my class is 4:30 to 9:15, I just got here, like 2 o’clock and on my way in I found out from a co-worker that Canvas was down…The problem I’m going to have is they don’t have access to the information that they need because I upload everything into Canvas… So if worse comes to worse, I can just email them [coursework] to the students through regular email…” said Valella.
The impact of the Canvas shutdown had extended into instruction with classes being cancelled during the outage.
According to Rebecca Rathfelder, a math laboratory coordinator at the Math Success Center, the college’s current response is the only immediate action the school can take while waiting for updates from Canvas and IT.
“So at the moment, the only thing we can do is direct students to physical resources that we have, or try to relay those physical resources to them online, if they’re contacting us through phone or email, that we can use workarounds to get them to our online tutoring.”
Rathfelder says she believes both the college and the support staff are responding appropriately to the situation.
“I feel like it is taking the steps that they need to, and then we’re taking the steps that we need to. So we all have our own roles to play.”
By late evening on Thursday, access to Canvas had been restored for many users at LBCC after the earlier outage that affected students and faculty.
During the evening on Friday, ITS sent out an email.
Access to Canvas has been restored. Information Technology Services (ITS) will continue to monitor updates from Instructure, the Chancellor’s Office, and the California Community Colleges Security Center and will share additional information as needed.”
While services appear to be restored, a broader investigation into the breach and its impact on user data remains ongoing.
You must be logged in to post a comment.