Canvas cybersecurity breach hits Houston-area school districts, forces university finals postponements

Author:

Using an unordered list, summarize the following article with between 4 and 8 key points. Southwest Texas school districts are investigating a nationwide Canvas breach that exposed basic student info.

HOUSTON — School districts and universities across the country are continuing to deal with the fallout from a cybersecurity breach targeting Canvas, the widely used online learning platform used by students and teachers to manage coursework and classroom materials.

While the main Canvas platform is now back online for most users, the investigation into what information may have been exposed is still ongoing. Canvas Beta and Canvas Test remained in maintenance mode Friday morning.

This story continues below.

Houston ISD and Katy ISD are among the districts confirmed to be impacted. Conroe ISD and Lamar CISD have also confirmed disruptions tied to the cybersecurity incident.

Several universities have also been affected. Baylor University and the University of Texas at San Antonio postponed finals scheduled for Friday because of the outage.

What districts are saying

Katy ISD said it was “notified by Canvas, the vendor that provides them the learning management platform, of a cybersecurity incident that is actively under investigation.”

The district said certain user information may have been exposed, including names, email addresses, student ID numbers and messages exchanged within the platform.

Houston ISD said it is working to minimize disruptions while Canvas continues restoring services.

“While Canvas works to resolve the issue, HISD is standing up a temporary Google site to provide access to curriculum materials,” the district said.

Who may be behind the attack

Cybersecurity expert Adam Isles with The Chertoff Group said the breach is believed to be linked to a group called ShinyHunters, which he described as a cyber extortion group accused of stealing data and demanding ransom payments.

Isles said the group has been active since 2020 and is known for targeting organizations by stealing sensitive information and threatening to release it publicly.

“What has happened in this instance is ShinyHunters has apparently come out and sent messages to a number of victims that they have until May 12 next week to pay a ransom or the data that’s been taken will be made public,” Isles said.

Investigators are still working to determine the full scope of the breach and exactly what information may have been compromised.

What families should do

Cybersecurity experts say the incident should serve as a reminder for families to strengthen their online security habits.

– Watching for updates from school districts

– Changing passwords connected to Canvas accounts

– Avoiding password reuse across multiple websites

– Turning on two-step verification whenever possible

Many users trying to access Canvas earlier this week saw messages saying the system was undergoing maintenance.

Updates on the investigation and when all Canvas services will be fully restored are expected as more information becomes available.

Is your child’s school affected? Got a news tip or story idea? Email us at [email protected] or call 713-521-4310 and include the best way to reach you.