Update as of 11:32 p.m., May 7
Canvas is back online with limited access.
The Provost and Executive Vice President of Academic Affairs, Pranesh Aswath, sent an email to faculty, students and staff providing guidance on moving forward throughout finals season, with online exams, assessments, and finals continuing as scheduled.
“We are working to mitigate the impacts of the Canvas outage that affected our campuses and thousands of institutions across the country,” Aswath wrote.
Aswath advises students to monitor their university email for communication between their instructors regarding assignments, exams, or alternative submissions in case of additional Canvas outages.
Faculty were also given guidance to focus on students’ success, as some students may not have access to the required material housed in Canvas needed to prepare for exams and complete assessments.
Faculty are advised to make reasonable accommodations for deadlines that were impacted by the Canvas disruption.
“It is possible that Canvas will be disrupted again. Please remain flexible and in communication with students if additional outages occur,” Aswath wrote.
Aswath instructed faculty to download current gradebooks from Canvas in case of another disruption.
“While initial reports indicate no evidence of compromised passwords, please remain vigilant regarding potential phishing attempts. If you are suspicious about any possible phishing attempts, please contact ITAC,” Aswath wrote.
Additionally, ITAC sent out an email stating that Canvas remains accessible, with certain features experiencing limited functionality.
Students, faculty and staff still experiencing issues with Canvas are advised to contact ITAC.
Update as of 9:14 p.m., May 7
Canvas service appears to have been restored, with Instructure listing the platform as “operational,” with the Student ePortfolios still having a “partial outage.”
Update as of 7:18 p.m., May 7
Dan Owen, Texas State’s chief information security officer, said that Texas State has not received a ransom notice, nor was it on the list of 9,000 affected educational institutions, including universities and K-12 school districts, the cybercriminal group shared.
While the list could possibly be incomplete or incomprehensive, students and faculty should be on the watch for any phishing emails or other hacking attempts due to increased risk. Other hacking groups may attempt to further attack the university, knowing it is currently dealing with a breach, according to Owens.
“I can’t confirm that any Texas State information has been breached at this point. I would say there’s a good chance that has happened,” Owen said.
Instructure may pay the ransom, but the universities most likely won’t, according to Owen.
“Everybody is in the same boat and what we know so far is that the threat actors, ShinyHunters, they claim that they have data that includes names, email addresses, student ID numbers and messages among users within the Canvas platform,” Owen said.
Canvas is utilized by 41% of higher education institutions across North America. Canvas contains personally identifiable information, which could be seen as a high-value target to cybercriminal groups.
“I can tell you there’s no Texas entity, no public university or like a Texas State agency would consider paying a ransom,” Owen said. “… other than Canvas being down, the information that we believe has been disclosed, it’s not great, but it’s also good that it’s not financial information.”
The first breach Instructure suffered from the cybercriminal group happened on May 1, claiming to have access to professor and student data, according to Inside Higher Ed.
Until Instructure fully removes the cybercriminal group from its system, Owen said it is still unknown when Canvas will be available again.
Original Story
Canvas is experiencing a nationwide data breach, leading to a shutdown and halting finals at Texas State.
In an email to students, staff and faculty, Texas State’s Division of Information Technology asserted that it is working with Instructure, the parent company of Canvas, to determine if the university is a part of the data breach.
“Instructure/Canvas has confirmed they have experienced a data breach and Texas State Information Technology is working with Instructure to determine if Texas State data may be affected. Instructure has identified the following data points as potentially being exposed: Name, Email Address, ID number and Canvas Message,” the email stated.
According to several student newspapers, including The OU Daily, The Duke Chronicle, The Harvard Crimson and The Collegiate Times, a cybercriminal group known as ShinyHunters has sent messages to Canvas users threatening to release the stolen data on May 6.
Director of Communications and Public Relations Jayme Blaschke wrote in an email statement to The Star that the university is closely monitoring the Instructure/Canvas data breach.
“The TXST Information Security Office is working with Instructure to determine if any university data may be affected. TXST recommends remaining vigilant against suspicious emails or phishing attempts,” Blaschke wrote.
While it is unclear if Texas State has received the ransom demand, ShinyHunters breached Instructure and left the message on Canvas for users to see, stating universities have until May 12 “to negotiate a settlement” to prevent the release of data, according to The Duke Chronicle.
Currently, the hacker’s message was replaced with the site stating it was “currently undergoing scheduled maintenance,” as reported in The Duke Chronicle.
The Provost and Executive Vice President of Academic Affairs Pranesh Aswath emailed faculty about how to navigate the situation, advising faculty to call the IT Assistance Center (ITAC) for any technical questions.
“Because it is finals week, I ask that you work to provide your students with the needed alternatives or extensions that are necessary to support their ability to complete the final exams and assignments,” Aswath wrote.
Instructure’s status on real-time data with Canvas shows that Student ePortfolios is currently having a partial outage and the Learning Management System (LMS), or Canvas, is under maintenance.
Currently, ITAC is working on the issue with Canvas with no estimated time of when Canvas will be available again.
This is a developing story. The University Star will provide updates as they become available.
