RICHMOND, Va. — A cyberattack on the Canvas learning management system is disrupting finals week for students at Virginia Commonwealth University and several other colleges and universities across Virginia.
Thousands of schools across the country use Canvas to support instruction, take exams, check grades and more. A hacking group known as Shiny Hunters breached the platform, and as of Friday, Instructure, the company behind Canvas, said the system was available for most users.
VCU freshman Parm Patel said his exams were already finished, but he is aware of the stress the breach is causing for other students.
"Bio majors and stuff, they are still taking exams throughout the week and they definitely have been more impacted than us because they have to find another way to take that exam," Patel said.
Patel said VCU is still warning students not to use Canvas.
"They definitely have disclaimers not to use it," Patel said.
Alex Nette, CEO of Richmond-based Hive Systems, said the timing of the attack appeared deliberate.
"That group may have been sitting on this opportunity for quite some time and just finally hit the red button right at a time when many colleges and universities need this to be working," Nette said.
Nette said the speed of Canvas's recovery was notable given the scale of the disruption.
"To Canvas's credit, for them to go from completely down and out, very publicly impacting many universities with lots of alerts, lots of reporting in the news, to being back, fully online and recovered within twelve hours is astounding, to be frank. That is a huge impact for many different companies that may be helping or supporting Canvas, but also for the universities and the colleges that are customers of Canvas as well," Nette said.
Locally, K-12 school divisions and universities are still being cautious. In addition to VCU, the University of Richmond, Virginia State University, Virginia Tech and James Madison University all reported impacts to their systems and are closely monitoring what data may have been accessed.
Hanover and Henrico Public Schools said they do not use Canvas. Richmond Public Schools and Chesterfield County Public Schools do use the platform. Richmond Public Schools said it was not impacted but continues to monitor the situation. Chesterfield County Public Schools said there is no evidence that passwords, dates of birth, government identifiers or financial information was captured, but the district is working with Instructure to obtain additional division-specific information.
Nette said those affected should take precautions now.
"Make sure you keep an eye on your personal information and if you do not have a monitoring service in place from another data breach, make sure you get one so you can keep an eye on that," Nette said.
CBS 6 is committed to sharing community voices on this important topic. Email your thoughts to the CBS 6 Newsroom.
📲: CONNECT WITH US
Blue Sky | Facebook | Instagram | X | Threads | TikTok | YouTube
This story was initially reported by a journalist and has been converted to this platform with the assistance of AI. Our editorial team verifies all reporting on all platforms for fairness and accuracy. To learn more about how we use AI in our newsroom, click here.
