PHOTO: Courtesy of WLUK
GREEN BAY, WI (WTAQ-WLUK) — A popular learning management system is recovering after it suffered a major cyberattack that resulted in an outage Thursday.
Canvas, owned by Instructure, is used by school districts and universities worldwide, including many here in Northeast Wisconsin, such as UW-Green Bay.
As of Friday morning, Instructure said Canvas was working again for most users. But the hacking of a single computer system put a brief pause on the educational operations at 9,000 school campuses around the globe. Students use Canvas to submit assignments, access class materials, take quizzes and tests and communicate with their instructors.
“I’m in one of the hardest semesters of my college career for my major and I can’t do anything, and it’s all due in a week and I have like 12 assignments and finals to do,” UW-Green Bay junior Kelli Ruiz said.
“Can’t access anything, can’t do any of my assignments. It is finals week, so it’s not ideal, for sure,” added freshman Ellie Eagleson.
Shiny Hunters, the group behind the cyberattack, demanded a ransom due by May 12. It’s unclear whether or not it was paid.
As a result, the hackers may have compromised millions of users’ personal information, like names, emails and student ID numbers. Students have mixed feelings on the breach.
“I’m not too alarmed about it. I mean, I heard about that. I don’t know. I hope not,” Eagleson said.
“The joke is, if anyone wants to hack it and do my homework, feel free. But it’s not great when we have all this very personal data that the university holds about us,” Ruiz said.
The exposure of personal information is a big concern. Cybersecurity experts said there are important steps students should take moving forward.
“Freeze your credit with the three credit reporting bureaus,” said Curt Esser of Esser Consulting, LLC, based in Appleton. “If they freeze their credit and lock out the hackers from that, that is one less thing to worry about for them.”
Esser said freezing credit will help ensure Shiny Hunters doesn’t take out new credit in the victims’ names. He also suggested students create strong passwords and be cautious of phishing scams when logging back into Canvas.
Esser said it’s concerning that a single hack derailed operations at so many schools, but he believes Instructure’s quick recovery says a lot about the company’s safeguards.
“They weren’t able to prevent it from happening, but they were able to respond and try to minimize the damage that occurred… Instructure did a very good job,” Esser said.
An update Friday from Instructure said there’s no evidence passwords, dates of birth, Social Security numbers or financial information were compromised.
In a message to its students, the university said they can now log in and resume normal Canvas activity.
Comments