Area universities spent Friday grappling to recover from a cyberattack that landed at one of the busiest times of the academic year, as Mississippi State University, Mississippi University for Women and East Mississippi Community College prepare for graduation ceremonies.
The breach, carried out by criminal hacker group ShinyHunters, affected Canvas — a learning management system software used by universities and other educational institutions across the nation — during finals week, knocking the platform offline and interrupting any access to coursework, class materials or grades by students or faculty.
MSU rescheduled Friday’s finals exams in response.
“At the end of the semester, during preparation for commencement, when you’re preparing to graduate 4,000 students, it’s a rather intricate…almost like a dance,” said Sid Salter, vice president for strategic communications and director of public affairs for MSU.
“Everything has to happen on schedule, and this disrupts that schedule. It also creates uncertainty, and when people are trying to balance multiple final exams and keep a schedule that they have expected to keep, it’s difficult.”
Instructure Holdings Inc., the company that owns Canvas, released a statement Friday noting “unauthorized activity” was first detected in Canvas last week, leading the company to revoke the unauthorized user’s access and open an investigation.
More than 8,000 educational institutions across the country use Canvas, and impacted organizations were notified of the attack May 5, the statement said.
On Thursday, more unauthorized activity was detected in connection to the same incident, leading the company to take Canvas offline and into maintenance mode.
Meanwhile, students across the country logged into their Canvas accounts to find a message from ShinyHunters claiming responsibility for the attack.
“ShinyHunters has breached Instructure (again),” the message reads. “Instead of contacting us to resolve it they ignored us and did some ‘security patches.’”
The message goes on to note Instructure has until May 12 to contact ShinyHunters or risk having the data leaked publicly on the dark web, an invisible side of the internet often used for anonymous browsing and criminal activity.
In the Friday statement, Instructure said the investigation has determined that certain personal information of users at affected organizations was taken by the group, including names, email addresses, student ID numbers and messages among Canvas users.
“We have found no evidence that passwords, dates of birth, government identifiers, or financial information were involved,” the statement said. “Based on the investigation to date, we have not found evidence that data was taken during the May 7 activity.”
By the time the statement was released Friday, Instructure had fully restored Canvas after receiving confirmation from an external forensic partner that no threat actor has access to the platform. The company said law enforcement, including the FBI and the U.S. Cybersecurity and Infrastructure Security Agency, have been notified of the attack.
But even with Canvas access restored, universities, including MSU, are still working to get back on track.
“The most vexing part of this problem for our students and our faculty is the fact that this occurred – here, as (with) other universities – during or very near to finals week,” Salter said.
Adjusting operations
Salter said MSU decided to reschedule all exams set for Friday to Saturday in hopes of providing faculty, students and families proper clarification about the attack and how it may affect the last few days of the semester.
“We feel like hitting the pause button (Friday) gave us a chance to remove some of that uncertainty and let students go through the process with as much information as possible,” he said.
While he couldn’t provide a firm number for how many accounts were affected at MSU, Salter said almost every student and faculty member has some level of exposure to Canvas. None of MSU’s internal systems were compromised during the breach.
“It is the individual student data as it pertains to your course work (that) has been exposed,” he said. “But we don’t feel like Social Security numbers, any kind of payment information or anything of that nature has been at all compromised.”
Salter said the university has instructed deans, department heads and individual faculty members to take a “lenient interpretation” of the university’s exam rules as students navigate the rescheduling.
“We also have tried to be respectful of the schedule that the faculty is under and the burdens that are on them to manage all this information coming into them,” he said.
Operations at MUW remained largely unaffected, Communications Director Tyler Wheat wrote in a statement to The Dispatch, with commencement ceremonies continuing as planned and only a limited number of exams scheduled during the outage period.
“Students are encouraged to contact their instructors directly if they were impacted or have additional questions,” the statement said. “Since the onset of the outage, faculty members have been encouraged to support students and work alongside them to secure any necessary materials and complete final exams.
Dean of eLearning Coranette “Chris” Square faculty members at EMCC are encouraged to download gradebooks and other essential course materials.
“Students and employees should remain alert for phishing attempts and access Canvas only through LEO (student portal),” Square wrote in a statement. “We remain committed to protecting our campus community and will provide updates as more information becomes available.”
Both MUW and EMCC held commencement ceremonies Friday. Despite the attack, Salter feels confident the university will be on schedule to hold its graduation ceremonies May 15.
“We have given very specific instructions about what accommodations are available to the faculty member in interacting with … students and to make this as easy and fair as possible,” he said. “We feel like we accomplished that, and doing so was worth a day of delay.”
McRae is a general assignment and education reporter for The Dispatch.
You can help your community
Quality, in-depth journalism is essential to a healthy community. The Dispatch brings you the most complete reporting and insightful commentary in the Golden Triangle, but we need your help to continue our efforts. In the past week, our reporters have posted 42 articles to cdispatch.com. Please consider subscribing to our website for only $2.30 per week to help support local journalism and our community.
You can help your community
Quality, in-depth journalism is essential to a healthy community. The Dispatch brings you the most complete reporting and insightful commentary in the Golden Triangle, but we need your help to continue our efforts. In the past week, our reporters have posted 42 articles to cdispatch.com. Please consider subscribing to our website for only $2.30 per week to help support local journalism and our community.
