The web-based learning management system used across the Cal State University system is down on all campuses and at the chancellor’s office on Thursday afternoon, and UC Berkeley’s learning management platform, bCourses, has been seized by hackers.
All 43,000 students at UC Berkeley use bCourses to access class materials. When a student attempts to log in, they see a red warning label informing them that Instructure, the company that owns Canvas, has refused to pay a ransom.
In a statement to the Daily Californian, the cybercrime group ShinyHunters claims to have stolen “more than 600,000” UC Berkeley student and staff records and says it will leak them if the campus does not pay a ransom.
UC Berkeley acknowledged the attack in a message from Vice Provost of Undergraduate Education Oliver M. O’Reilly, who advised the campus not to attempt to access Canvas through any browser or device and to close browsers logged into Canvas immediately.
It was not immediately clear as of 4 p.m. Thursday whether the system failure across the CSU system was connected to the hacking of UC Berkeley’s platform.
According to Raleigh, North Carolina-based WRAL news, ShinyHunters also sent ransom notes to several schools in North Carolina, including the University of North Carolina at Chapel Hill, North Carolina Central University and Duke University. Several colleges and universities reported their Canvas apps were down, including the University of Pennsylvania and the University of Oklahoma.
TechCrunch reported Thursday that ShinyHunters has claimed to have stolen data from almost 9,000 schools around the world since Tuesday, with the stolen files allegedly containing information on 231 million people.