A cyberattack caused chaos for students at thousands of schools across the country, including many school districts, colleges and universities in Iowa.The attack Thursday targeted a system that schools and universities use to manage grades, assignments and lecture videos. The hacking group named ShinyHunters claimed responsibility for the breach at Instructure, the company behind the learning management system Canvas. Late Thursday evening, many schools were reporting that access had been restored for most users. Des Moines Public Schools sent a message to its families early Friday morning letting everyone know that Canvas was back online and accessible.WATCH: Cyberattack hits Canvas system used by thousands of schools as finals loomStudents at Iowa State University and the University of Iowa began reporting problems to KCCI around 3:45 p.m. Thursday after logging into Canvas and seeing a message allegedly posted by hackers.Multiple students from both universities shared screenshots with KCCI showing a message from a group calling itself “Shiny Hunters.” The message claimed the group had breached Canvas’ parent company and demanded negotiations by May 12 “before everything is leaked.”The group also claimed online that nearly 9,000 schools worldwide were affected and that billions of private messages and records had been accessed. By Thursday evening, the Canvas website displayed a scheduled maintenance notice.The list of affected institutions includes dozens of Iowa schools and learning organizations, including two of Iowa’s public universities and several school districts and community colleges. Iowa State sent this statement to KCCI:”Iowa State is one of many institutions impacted by a nationwide outage affecting the Canvas platform. Instructure, the parent company of Canvas, has not provided a timeframe for when the issue will be resolved. Until access is restored, the university is encouraging instructors to adjust timelines and provide other methods for submitting assignments.”The University of Iowa is also impacted. Administration sent an email out to students and faculty on Thursday stating, “Our ITS team is actively monitoring the situation and remains in close communication with the vendor as they work to resolve the issue safely and restore service.We recognize how disruptive this is—particularly as we approach the end of the semester—and we are working closely with faculty to ensure flexibility and continuity for our students.”Des Moines Public Schools confirmed it was among the affected districts. In a statement Thursday, the district said it had been notified by Canvas’ parent company about the cybersecurity incident and was awaiting additional information. On Friday morning district officials said access had been restored.”DMPS uses Canvas for course materials, assignments, and student-teacher communication,” DMPS officials said in a message to families. “The data Canvas holds for our students and staff is limited to names, email addresses, internal student ID numbers, course information, and messages between users.”DMPS reminded users that Canvas does not store the following information about DMPS students and staff: Home addresses Phone numbersSocial Security numbersDates of birthFinancial information West Des Moines Community Schools also acknowledged the issue, saying Canvas had not yet explained how the breach impacts the district and that officials would continue monitoring the situation.Marshalltown Community School District said it received communication from Canvas’ parent company confirming hackers accessed personal information tied to affected accounts and advising schools to take cybersecurity precautions.Other Iowa schools and colleges impacted include:Marshalltown Community School DistrictWest Des Moines Community School DistrictWestern Iowa Technical Community CollegeNorthwest Iowa Community CollegeDes Moines Area Community CollegeHowever, some institutions listed by the hackers may no longer be vulnerable. Iowa Wesleyan University shut down in 2023, and Knoxville Community Schools told KCCI it stopped using Canvas years ago, despite being on the list.Doug Jacobson, a cybersecurity professor at Iowa State University, said Canvas users should not panic because the platform stores limited personal information. Johnston Community School District echoed this in a statement:”We have been informed that the attacker obtained some data associated with our account, including personal information. However, Canvas reported that they found ‘no indication that passwords, dates of birth, government identifiers or financial information were involved.'”Still, he said, educators are especially concerned about the potential loss of coursework and grades.“If all semesters where the student work disappeared, how are you going to restore? How are we going to resurrect that?” Jacobson said.Jacobson also warned that users could become targets for phishing scams and fake password reset attempts following the breach.“Just like after any disaster, you got scammers who come in after the disaster, who had nothing to do with it,” Jacobson said. “They’ll start just trying to scam you and say all you need to do is reset your password. Go to this site.”Jacobson said the breach appears to have happened within Instructure’s infrastructure and seems to have been timed to create maximum disruption as schools prepare for finals.“Most universities and schools are heading into finals, and this is not a good time to have a system like this go down,” Jacobson said.Next week is finals week for both Iowa State University and the University of Iowa. Other schools impactedKCCI has confirmed other school districts and colleges have been impacted by the cyberattack, including:Marshalltown Community School DistrictWest Des Moines Community School DistrictWestern Iowa Technical Community CollegeNorthwest Iowa Community CollegeDes Moines Area Community CollegeJohnston Community School DistrictThis is a developing story. Check back with KCCI for updates.» Subscribe to KCCI’s YouTube page» Download the free KCCI app to get updates on the go: Apple | Google Play
A cyberattack caused chaos for students at thousands of schools across the country, including many school districts, colleges and universities in Iowa.
The attack Thursday targeted a system that schools and universities use to manage grades, assignments and lecture videos. The hacking group named ShinyHunters claimed responsibility for the breach at Instructure, the company behind the learning management system Canvas.
Late Thursday evening, many schools were reporting that access had been restored for most users. Des Moines Public Schools sent a message to its families early Friday morning letting everyone know that Canvas was back online and accessible.
WATCH: Cyberattack hits Canvas system used by thousands of schools as finals loom
Students at Iowa State University and the University of Iowa began reporting problems to KCCI around 3:45 p.m. Thursday after logging into Canvas and seeing a message allegedly posted by hackers.
Multiple students from both universities shared screenshots with KCCI showing a message from a group calling itself “Shiny Hunters.” The message claimed the group had breached Canvas’ parent company and demanded negotiations by May 12 “before everything is leaked.”
The group also claimed online that nearly 9,000 schools worldwide were affected and that billions of private messages and records had been accessed. By Thursday evening, the Canvas website displayed a scheduled maintenance notice.
The list of affected institutions includes dozens of Iowa schools and learning organizations, including two of Iowa’s public universities and several school districts and community colleges.
Iowa State sent this statement to KCCI:
“Iowa State is one of many institutions impacted by a nationwide outage affecting the Canvas platform. Instructure, the parent company of Canvas, has not provided a timeframe for when the issue will be resolved. Until access is restored, the university is encouraging instructors to adjust timelines and provide other methods for submitting assignments.”
The University of Iowa is also impacted. Administration sent an email out to students and faculty on Thursday stating, “Our ITS team is actively monitoring the situation and remains in close communication with the vendor as they work to resolve the issue safely and restore service.
We recognize how disruptive this is—particularly as we approach the end of the semester—and we are working closely with faculty to ensure flexibility and continuity for our students.”
Des Moines Public Schools confirmed it was among the affected districts. In a statement Thursday, the district said it had been notified by Canvas’ parent company about the cybersecurity incident and was awaiting additional information. On Friday morning district officials said access had been restored.
“DMPS uses Canvas for course materials, assignments, and student-teacher communication,” DMPS officials said in a message to families. “The data Canvas holds for our students and staff is limited to names, email addresses, internal student ID numbers, course information, and messages between users.”
DMPS reminded users that Canvas does not store the following information about DMPS students and staff:
- Home addresses
- Phone numbers
- Social Security numbers
- Dates of birth
- Financial information
West Des Moines Community Schools also acknowledged the issue, saying Canvas had not yet explained how the breach impacts the district and that officials would continue monitoring the situation.
Marshalltown Community School District said it received communication from Canvas’ parent company confirming hackers accessed personal information tied to affected accounts and advising schools to take cybersecurity precautions.
Other Iowa schools and colleges impacted include:
- Marshalltown Community School District
- West Des Moines Community School District
- Western Iowa Technical Community College
- Northwest Iowa Community College
- Des Moines Area Community College
However, some institutions listed by the hackers may no longer be vulnerable. Iowa Wesleyan University shut down in 2023, and Knoxville Community Schools told KCCI it stopped using Canvas years ago, despite being on the list.
Doug Jacobson, a cybersecurity professor at Iowa State University, said Canvas users should not panic because the platform stores limited personal information.
Johnston Community School District echoed this in a statement:
“We have been informed that the attacker obtained some data associated with our account, including personal information. However, Canvas reported that they found ‘no indication that passwords, dates of birth, government identifiers or financial information were involved.'”
Still, he said, educators are especially concerned about the potential loss of coursework and grades.
“If all semesters where the student work disappeared, how are you going to restore? How are we going to resurrect that?” Jacobson said.
Jacobson also warned that users could become targets for phishing scams and fake password reset attempts following the breach.
“Just like after any disaster, you got scammers who come in after the disaster, who had nothing to do with it,” Jacobson said. “They’ll start just trying to scam you and say all you need to do is reset your password. Go to this site.”
Jacobson said the breach appears to have happened within Instructure’s infrastructure and seems to have been timed to create maximum disruption as schools prepare for finals.
“Most universities and schools are heading into finals, and this is not a good time to have a system like this go down,” Jacobson said.
Next week is finals week for both Iowa State University and the University of Iowa.
Other schools impacted
KCCI has confirmed other school districts and colleges have been impacted by the cyberattack, including:
- Marshalltown Community School District
- West Des Moines Community School District
- Western Iowa Technical Community College
- Northwest Iowa Community College
- Des Moines Area Community College
- Johnston Community School District
This is a developing story. Check back with KCCI for updates.
» Subscribe to KCCI’s YouTube page
» Download the free KCCI app to get updates on the go: Apple | Google Play
Click Here For The Original Source.
