Photo: RNZ / Yiting Lin
University students across New Zealand cannot submit assignments or communicate with tutors after their online learning system was hit by a global data hack.
Names, email addresses, student ID numbers and messages between users could all be affected by the breach.
Do you know more? Email luka.forman@rnz.co.nz
Learning platform Canvas was offline, and the university said it was working urgently on workarounds to minimise the impact on teaching and learning on Friday.
The Canvas data was held by third party platform Instructure, which had its data hacked.
Impacted universities included the University of Auckland, AUT and the Victoria University of Wellington.
The University of Auckland said in a statement the university’s own systems had not been breached and no other systems were at risk.
It said there was no suggestion that any student assessment data, passwords or sign-on credentials had been affected.
An email sent to staff at AUT, confirmed it had been impacted by the hack also.
It said the university’s ICT team were working with Instructure and would advise when more was known.
It asked all staff to log out of Canvas.
RNZ understands the hackers posted a message in the Canvas system and asked schools to contact them to reach a settlement.
An AUT staffer told RNZ the platform was used to submit assignments, post readings and communicate with students.
They said students often wrote messages to tutors on the platform with private information in them.
University of Auckland student Tyler Jones said he had a 2500 word essay due next Wednesday, and issues with Canvas today had put a spanner in the works for him.
“I haven’t been able to access any course materials – so like lectures or readings to actually help me finish assignments like that. So it’s already been quite disruptive.”
The essay was for a film class, and he said the only way for him to access the movie he was writing about was through Canvas.
The University of Auckland cancelled all tests and assessments scheduled for Friday, but Tyler said it was unclear whether students like him would get extensions.
“Although they’re not due today, we still would have been affected by not being able to access Canvas to work on those assignments.”
Many students were not too bothered by the privacy concerns around the breach, but they should be, he said.
“They’re kind of thinking, what are they going to leak – your grades? But I think there’s a lot more on Canvas than students really realise.”
Auckland University said some accommodations might be necessary where assessments were concerned.
President of the Victoria University of Wellington Students’ Association Aidan Donoghue told Checkpoint the university had been quick to inform students it was confident no emails or passwords had been exposed by the breach.
Students were not particularly concerned, because the rest of the data – Names, Student IDs and Messages between students and lecturers – was not particularly sensitive.
“They’re very confident that there’s no indication that passwords or single sign-on credentials have been affected or assessment data itself, so yeah, it’s somewhat relieving.”
Student’s were, however, concerned about what the breach of Nuku (what it calls its version of Canvas) might mean for submitting assignments on time, he said.
The earliest time Nuku would be back online was Wednesday morning, Donoghue said.
In the meantime, students’ course coordinators would make the call on what changes might need to be made to assignments.
Lecture recordings and readings would still be available through the third-party sites, he said.
“There’s definitely going to be considerations and changes … made to address the impact and the lack of ability to submit assignments because of this outage.”
In a statement AUT said while the platform was down, students wouldn’t have to submit assessments, and extensions would be given based on how long it was down for.
Canvas was used in 9000 education systems around the world.
AFP was reporting, the hack had also hit US universities including Harvard, Stanford.
According to the Harvard Crimson student newspaper and posts on social media, students attempting to access the system on Thursday saw a message from the hacking group saying servers belonging to Canvas’s parent company Instructure had “again” been breached.
“Instead of contacting us to resolve it they ignored us and did some ‘security patches,'” the hackers said.
“If any of the schools in the affected list are interested in preventing the release of their data, please consult with a cyber advisory firm and contact us privately… to negotiate a settlement.”
The group warned it would release all stolen data if schools did not make contact by 12 May.
Sign up for Ngā Pitopito Kōrero, a daily newsletter curated by our editors and delivered straight to your inbox every weekday.
Click Here For The Original Source.
