Princeton, other universities nationwide lose access to Canvas platform in data breach
The attack on Canvas, which is used by students and faculty, reportedly may have affected nearly 9,000 educational institutions worldwide.
Princeton, Rutgers, and other higher education institutions nationwide on Thursday night reported losing access to Canvas, a learning management system used by students and faculty, because of a reported data breach.
Shortly before 8:20 p.m., Princeton University announced on social media that Canvas was experiencing an outage.
“Be alert for phishing messages referencing Canvas, your courses, or account recovery. Princeton will not direct you to unverified third-party sites for Canvas-related communications, and will not request passwords, Social Security numbers, or account information by email, text, or phone,” the university wrote.
Rutgers University said the outage had interrupted student exams.
“Rutgers is evaluating next steps due to the interruption of Canvas during the exam period. The university understands that student exams, project submissions, and other efforts may have been interrupted due to this incident. Thousands of institutions are dealing with this incident as well. Additional information will be provided to students, faculty, and staff as it becomes available” the university said.
Other major institutions across the country also announced they were having problems with Canvas.
“As you may be aware, the Canvas Learning Management System is currently experiencing an outage due to a cybersecurity incident targeting Instructure, the parent company of Canvas,” the University of Florida wrote in a detailed announcement.
The Daily Pennsylvanian, the university’s student newspaper, reported that the breach was affecting Penn. The university itself had not yet publicly acknowledged the outage Thursday night and could not be reached for comment.
Canvas is used for coursework and communications between students and faculty, among other functions. Instructure said that the breach involved information containing “names, email addresses, and student ID numbers, as well as messages among users.”
The Daily Pennsylvanian reported that a message was posted on Penn’s Canvas page by the hackers warning universities that data would be released if they weren’t contacted before May 12.
Inside Higher Ed reported earlier this week that the criminal extortion group ShinyHunters claimed to have attacked Instructure, the company that oversees Canvas, and breach affected nearly 9,000 school worldwide.
The Daily Pennsylvanian said the same cyber group targeted Penn last fall.
