SAN DIEGO — Though the Canvas education program was back online following a cyberattack that affected schools nationwide, access to the system was not immediately restored at some San Diego-area universities.
The cyberattack, allegedly carried out by a hacking group called Shiny Hunters, targeted Instructure, developer of the Canvas education platform used at universities and school systems nationwide. The attack apparently began more than a week ago, but it led to outages of the Canvas system on Thursday.
Instructure posted a message on its website late Thursday that Canvas “is now available for most users.” It was unclear how the system was restored or whether the company had paid any ransom to the hacking group to prevent a data leak.
But while the platform was back in operation, some universities opted to wait before restoring student access.
University of California, San Diego said in a statement released late Friday afternoon that service would be restored once the school received approval from the University of California, “which is still waiting to receive assurances that the system is secure.”
UC San Diego said service was expected to be restored over the weekend or early next week and advised users to avoid accessing Canvas via the web or mobile app until further notice.
San Diego State University, along with other CSU schools, regained access to Canvas on Friday afternoon, though the school system said it had not fully reintegrated campus systems or data connections with Canvas “in an abundance of caution.”
Users were advised to exercise caution when using the service and were strongly recommended to download and save important documents “for added security.”
SDSU further advised that suspicious emails should be reported by forwarding them to [email protected].
Meanwhile, the San Diego Community College District, which was also affected by the Canvas cyberattack, was recovering from a separate, unrelated attack that began last weekend.
In a statement, SDCCD Chancellor Gregory Smith said an analysis of impacted systems would continue through the weekend in connection with the initial cyberattack. If no issues are revealed, the district will begin restoring its network and systems on Monday, with full restoration estimated for Monday afternoon or Tuesday morning.
The district said employee and student personal data was not compromised in the breach and that campuses remained open, with nearly all classes continuing as scheduled.
Regarding the Canvas attack, Smith said the district has “disabled local access to Canvas until we receive notice from the (California Community Colleges Chancellor’s Office) that it is safe to do so. I strongly recommend everyone who has accessed Canvas to ensure they have logged out, close the Canvas app or web browser, and do not log in until we send a notice that it is safe to do so and restore local access.”
