Canvas Hacked: Bay Area Colleges Disrupted By Global Cyberattack on Learning Platform

Students at colleges across the Bay Area found themselves locked out of a widely used learning platform Thursday after hackers seized the data of an educational technology company and demanded a ransom to prevent its release.

UC Berkeley, San Francisco State University, Stanford and the Peralta Community College District are among the schools reporting that Canvas is offline.

Students use the system to view and submit assignments, take part in class discussions, access syllabi and learning materials, and more.

The hacker group ShinyHunters claimed responsibility for the cyberattack against Instructure, the Salt Lake City-based company behind Canvas.

Nearly 9,000 schools worldwide are affected, the hackers said, adding that the data breach includes the private messages and other “personally identifiable information” of 275 million individuals.

University leaders were first made aware of a breach involving Canvas in the first few days of May, according to the California State University system, but the platform remained operational until Thursday.

CSU officials said Tuesday that the Instructure CEO and chief security officer reported that “there is no evidence that passwords, Social Security numbers, financial information, or other highly sensitive data were compromised.”

On Thursday, the CSU said Canvas was down across all of its campuses and at the central chancellor’s office.

“This situation is fluid, and we are working with Instructure to determine the full scope of impact,” the CSU’s Canvas status page said.

The University of California system directed all of its campuses to take Canvas offline, saying in an update Thursday that “Canvas access will not be restored until we are confident the system is secure.”

Some students trying to access Canvas earlier reportedly saw a screen from ShinyHunters saying that Instructure had failed to pay their ransom. The hackers gave Instructure and any affected schools until May 12 to negotiate a settlement to prevent the data from being released.

Instructure did not immediately respond to a request for comment. The company posted a status update Thursday afternoon saying that “Canvas, Canvas Beta and Canvas Test are currently in maintenance mode. We anticipate being back up soon.”

On Wednesday, the company’s status page reported a “cybersecurity incident perpetrated by a criminal threat actor,” though it said that “Canvas was fully operational, and we are not seeing any ongoing unauthorized activity.”

At UC Berkeley, Canvas was not operational on Thursday, a university official wrote in an email to students. “This issue is impacting institutions and users globally, and we are actively monitoring the situation,” wrote Oliver O’Reilly, vice provost for undergraduate education.

With finals around the corner, O’Reilly acknowledged the effect the outage could have on instruction.

“We recognize this significant disruption affects teaching and learning across campus. Students should await instructions from their instructors regarding temporary arrangements for submitting assignments and accessing course materials,” O’Reilly said.

Officials at the Peralta Community College District warned students not to click on any links related to Canvas or the hacking message until they are notified that Canvas is operational.