The Wellesley Public Schools district on Thursday was among thousands of education organizations worldwide affected by a cyberattack on a software maker called Instructure’s Canvas learning management system. The Canvas system was restored by the software maker late Thursday, but WPS is keeping its edition disabled based on legal advice from an industry group.
Canvas is used to manage grades, homework assignments, and more.
Adam Steiner, WPS director of educational technology, alerted the community on Thursday night that “Canvas is currently experiencing a total service outage due to an ongoing cyberattack. Because the platform is offline, students and staff cannot log in at this time. Canvas has not provided a specific time for when it will be back up. We are monitoring this situation and will notify you as soon as we have more information.”
The software maker posted on its website that it detected unauthorized activity in Canvas on April 29, and started an investigation. Then on May 7, it identified additional unauthorized activity tied to the same incident. “The unauthorized actor made changes to the pages that appeared when some students and teachers were logged in through Canvas. Out of caution, we temporarily took Canvas offline into maintenance mode to contain the activity, investigate, and apply additional safeguards.” So that’s what accounted for the outage.
Data taken in the April 29 incident included “certain personal information, such as names, email addresses, student ID numbers, and messages among Canvas users,” according to Instructure. It has found no evidence that juicier information was comprised, and has seen no evidence that data was swiped on May 7.
Regardless of the system being back up, WPS is keeping Canvas disabled for now.
On Friday, WPS issued this update:
Based on advice this morning from the attorneys of the TEC Student Data Privacy Alliance, the district has made the decision to disable the Canvas learning management system until the platform’s security can be confirmed and our student data is secure. As you know, Canvas has been hit with a significant cyber attack, and the SDPA is still in the process of evaluating the security of the platform.
At this time, we do not know when Canvas will be safe to reactivate for WHS. We know this is extremely disruptive to our students and teachers and WHS is working now to develop alternate ways to share content and collect work from students. Solutions will be specific to each class. For AP classes, we are looking for ways to help teachers move test prep materials to another platform to share with students.
The WPS technology department will continue to monitor the situation and keep our WHS community up to date. We apologize for this disruption and will work to support our students and teachers until it can be resolved.
If you’re having déjà vu with this news, that might be because the school district last year was impacted by a nationwide breach of the PowerSchool software system used to manage school records and more.
Please send tips, photos, ideas to theswellesleyreport@gmail.com
Canvas was not a teacher idea anyway.