GWUOHS lost access to Canvas from May 7 to May 11 after cyber extortion group ShinyHunters breached Instructure, the company that owns the learning management system.
Multiple GWUOHS students reported seeing a ransom letter in place of the Canvas login portal at around 4 p.m. Eastern time on Thursday, May 7.
“ShinyHunters has breached Canvas again. Instead of contacting us to resolve it they ignored us and did some ‘security patches,’” the note on the page said.
In the same message, ShinyHunters threatened to leak private user data if Instructure did not contact them by May 12. ShinyHunters claimed to have the data of approximately 9,000 schools and over 275 million individuals, reported The New York Times.
Within a couple hours, the ransom message was replaced by a notice that Canvas was under maintenance. By Thursday night, Canvas posted that their platform was operational again. However, GWUOHS disabled the learning management system for students until Monday morning as an additional safety measure.
Since GWUOHS is a fully virtual school, students rely on Canvas for most day-to-day school activities, including accessing lesson modules, attending live classes, and completing assignments and tests.
“If we were in person or anything, it would be like you walk into school and they’re like, ‘Oh, your online thing got hacked, here’s some worksheets, look,’ but with this, we use this platform for literally everything,” junior Esme B.* said.
Sophomore Bryson T.* was in the middle of completing an algebra test on Canvas when the platform suddenly refreshed and locked him out. He recalled being worried about losing progress and falling behind on schoolwork.
“Because it’s like, ‘Am I going to be locked out of my test?’ because they usually only allow one turn and in the middle of one, I’m not going to be able to access it again. It was a little bit of a panic attack until they said that we were getting extensions,” Bryson said.
Others also expressed concerns about their privacy due to the data breach.
“We were, well, all of the classmates were very worried about what information could have been hacked, or if our accounts, our devices were in danger, because at the time we didn’t have any sort of context about what was happening,” junior Luis R.* said.
Still, some students and teachers managed to make light of the situation.
“What I would probably remember the most is my advisor saying that we could turn it into a virtual snow day, which I really appreciate, because it kind of brought up the spirits of the entire thing,” sophomore Felicity V.* said.
In a status update released on May 11, Instructure said that the stolen data had been returned to them, along with shred logs confirming the data’s destruction.
“We continue to work with expert vendors to support our forensic analysis, further harden our environment, and conduct a comprehensive review of the data involved. As our investigation draws closer to a conclusion, we also intend to share additional details about the root cause and lessons learned, with the goal of helping the broader education technology community better understand and defend against similar threats,” the update said.
*Last names withdrawn for student privacy, per school policy.
