The web-based learning management system used across the University of California and California State University systems was back online as of Friday morning after an outage Thursday, but many campuses were still affected, blocking access to the platform.
Students worldwide received a message Thursday from the hacker group ShinyHunters when they logged into the learning management system Canvas, where all course materials are stored.
ShinyHunters claims to have stolen more than 3.65 terabytes of student data from over 9,000 schools worldwide, including information from over 275 million users, by breaching Instructure, the company that provides Canvas to many colleges and universities.
On Friday, the provost of Sacramento State University issued an update stating that Canvas has been restored, but that the CSU system has not enabled access out of caution.
System leaders for the University of California and the state’s 116 community colleges gave similar guidance.
“Out of an abundance of caution, the University of California Office of the President has instructed all UC locations to temporarily block or redirect Canvas access, and Canvas access will not be restored until we are confident the system is secure,” UC said in a statement.
The chancellor’s office, overseeing the community colleges, on Friday advised campuses “to limit access to Canvas until Instructure can formally confirm that students and employees are no longer at risk,” according to the Rancho Santiago Community College District.
The system attack comes as students take or prepare for final exams.
“Frankly, it’s coming at the worst time possible,” CSU Northridge student Alfonso Vargas told ABC News. “It’s during finals week. Teachers are finding out right now. I’m a little worried whether they extend the deadline or not, because I have a term paper due … . I’m not too sure if the teachers are going to be allowed to. I’m not too sure. I hope this can be figured out as soon as possible.”
A notice on the CSU system website stated that hackers may have had access to student names, email addresses, ID numbers and Canvas user messages. Canvas does not, however, store passwords, Social Security numbers, financial information or dates of birth, according to the notice.
School districts were also affected by the hack. The Long Beach Post reported that teachers in the Long Beach Unified School District use Canvas to store student projects. One high school teacher said he switched to using Google Suite, allowing students to continue to work on their projects. Another teacher said that student progress reports were due, but that she couldn’t access the system to enter grades.