Cybersecurity

Colleges around the world see web outages after vendor hack

By Alicia Tang and Lynn Doan
Opportunistic hackers have for years found schools to be easy targets, but universities have been especially hard-hit in recent months. — Photo by Anastassia Anufrieva on Unsplash

Colleges from the US to Australia reported disruptions to a popular online portal used by students at thousands of institutions to take tests and receive grades, days after a cyberattack against its operator.

Instructure Inc, which runs the Canvas online learning portal, first disclosed "a cybersecurity incident perpetrated by a criminal threat actor” on May 1, according to a post on the company’s website. The firm announced late Thursday that Canvas was "now available for most users” without elaborating. Instructure did not immediately respond to a request for comment outside of normal business hours.

College students use Canvas for everything from accessing course materials and turning in assignments to checking grades and taking tests. Schools around the world – from Stanford University in California to the University of Oslo in Norway and Australia’s Adelaide University – reported problems with the portals. Yale University, Columbia University and Princeton University also experienced issues.

Opportunistic hackers have for years found schools to be easy targets, but universities have been especially hard-hit in recent months. Last year, a series of hacks at Ivy League schools including Harvard University, Princeton and the University of Pennsylvania exposed the information of alumni, donors and students.

Following the latest breach at Instructure, some colleges warned that student information might’ve been accessed as part of the hack. Yale said on its website that the incident involved unauthorised access to user data in Canvas, potentially including names, email addresses and messages sent through the system. 

Stanford said certain identifying information including names, email addresses, student identification numbers and messages between users might’ve been compromised. 

Rutgers University said in a statement that it was unclear what school data may have been compromised. Baylor University warned students of phishing messages that may aim to steal their information from attackers impersonating the school’s IT staff.  

A Duke University security spokesperson confirmed the incident and said the school is "closely monitoring the incident,” according to the student publication there.

A prolific cybercrime group, ShinyHunters, said it was responsible for the hack in a dark web post seen by Bloomberg News, but Instructure hasn’t confirmed that the group was behind an attack. ShinyHunters is known for stealing victims’ data and then demanding extortion fees.

In 2024, the buyout firm KKR & Co agreed to buy Instructure in a deal that valued the Salt Lake City-based company at about US$4.8bil (RM18.8bil) including debt. The company was founded in 2008 and was majority-owned by the private equity firm Thoma Bravo before KKR’s takeover. – Bloomberg

 

 

 

Related stories:
Follow us on our official WhatsApp channel for breaking news alerts and key updates!

Next In Tech News
Google has bit more time to address concerns in EU investigation, EU Commission says
Logitech bets on AI, gaming and business users as it raises spending, CEO says
Sony, Nintendo grapple with memory price surge as AI boom constrains supply
The scam services 'helping' people to check in for flights – for fees
Sony, TSMC plan new Japan joint venture for next-generation image sensors
Samsung Electronics' union says to enter mediation over wage dispute
SoftBank cuts target for OpenAI margin loan, Bloomberg News reports
Russia's internet crackdown hobbles small businesses
ByteDance’s AI subscription gamble: chatbot faces reality check in China
Nintendo teases return of space-faring hero in Switch 2 reveal

Trending in Tech

Others Also Read

Load more

Copyright © 1995- Star Media Group Berhad [197101000523 (10894-D)]

Best viewed on Chrome browsers.