MORNINGSIDE HEIGHTS, Manhattan (WABC) — The multi-purpose grade and workflow sharing system Canvas is back online for most after it was disrupted by what its parent company described as a cybersecurity incident.
The breach impacted thousands of educational institutions that use Canvas from kindergarten through graduate school.
Some schools are still postponing final exams, citing security concerns. Canvas serves as a digital hub for students and teachers ad was taken down by a hacker group on Thursday night.
Now there are concerns about whether the personal data of millions of students may be at risk.
With final exams approaching, students at Columbia University say the breach to the learning platform is adding stress at the worst possible time.
Students said the outage limited their access to essential study resources.
"An inconvenience? I mean, majorly, I have some final projects that were due, they were not turned in on time due to the Canvas disruption," student Barry Battle said.
Infrastructure, Canvas' parent company, reported it had been affected by a "cybersecurity incident perpetrated by a criminal threat actor."
A hacking group named ShinyHunters claimed responsibility for the breach and threatened torelease data unless it was paid a ransom.
School like Columbia, Rutgers, Princeton university and more were among the schools locally that had their Canvas sites hacked.
Robert Kasdin, Columbia University Senior Executive VP, said that the application was restored for people on campus and they hoped to make it available to those logging in remotely.
Rutgers said, "Canvas access remains suspended during an assessment of the safety and stability of the system following the global outage."
It says users currently logged into Canvas should close their browsers and clear their cache.
The breach may have exposed personal information including names, email addresses, phone numbers, student ID numbers and internal messages, according to cybersecurity expert Rachel Tobac.
Tobac said online education tools are frequent targets for hackers and recommended keeping software updated and avoiding password reuse to reduce risk.
Tobac said that while hackers are not claiming to have passwords, the information they do have could still be used to craft convincing phishing attempts.
"You can kind of imagine after this kind of attack you get an email or text from someone who claims to be your professor saying hey you need to finish your exam right now – click here," said Tobac, CEO of SocialProof Security. "It's kind of custom made for you because they have so much information about you because of this data breach."
According to Canvas' website, it has about 30 million active users.
———-
* Get Eyewitness News Delivered
* More Manhattan news
* Send us a news tip
* Download the abc7NY app for breaking news alerts on the go
* Download our connected TV app
Have a breaking news tip or an idea for a story we should cover? Send it to Eyewitness News using the form below. If attaching a video or photo, terms of use apply.
