Canvas parent company Instructure announced Thursday night that Canvas had returned online for most users after portions of the platform were briefly placed into maintenance mode during the company’s response to the incident.
Source: Instructure
Images: Courtesy
The Canvas online learning platform was restored Thursday evening following a cybersecurity incident that temporarily disrupted access for schools and universities across the country, including users connected to Las Cruces Public Schoolsand New Mexico State University.
Canvas parent company Instructure announced Thursday night that Canvas had returned online for most users after portions of the platform were briefly placed into maintenance mode during the company’s response to the incident.
“Canvas is now available for most users,” the company posted on its public status page Thursday evening, though Canvas Beta and Canvas Test systems remained in maintenance mode.
The outage followed a cybersecurity incident first disclosed by Instructure on May 1. In a series of updates posted to its status page, the company said outside forensic experts were assisting with the investigation and that the incident had been “contained” as of Tuesday afternoon.
According to Instructure Chief Information Security Officer Steve Proud, the company revoked privileged credentials and access tokens associated with affected systems, deployed security patches, rotated certain keys “out of an abundance of caution,” and increased monitoring across its platforms.
The company stated that information potentially exposed during the incident may have included names, email addresses, student ID numbers and messages exchanged among users at affected institutions.
“At this time, we have found no evidence that passwords, dates of birth, government identifiers, or financial information were involved,” the company stated in its May 6 update.
The brief maintenance outage Thursday afternoon and evening came after reports earlier in the day that some users had seen unauthorized messages appear within Canvas. Las Cruces Public Schools advised families Thursday afternoon not to access Canvas until additional information became available and said students would not be penalized for disruptions related to the outage.
While the cybersecurity investigation remains ongoing, Instructure stated Wednesday that “Canvas is fully operational” and that the company was no longer seeing ongoing unauthorized activity.
The company also encouraged schools and organizations using Canvas to follow additional security measures, including multi-factor authentication for privileged accounts, reviewing administrative access and rotating API keys where applicable.
Canvas is one of the most widely used online learning management systems in the United States, providing online access to assignments, grades, coursework and classroom communication for K-12 schools and universities nationwide.
You must be logged in to post a comment.