Universities across America hastily made new schedules on Friday in the wake of a massive cyberattack that has thrown final exam calendars and basic classroom activities into chaos.
Subscribe to read this story ad-free
Get unlimited access to ad-free articles and exclusive content.
The academic anarchy was touched off Thursday afternoon when operators of online education platform Canvas, used in K-12 schools and colleges across the globe, were forced to shut down after a hacker’s intrusion.
The Canvas platform provides digital course infrastructure for instructors and students. Teachers can upload course materials, communicate with students and grade assignments. Students can view and download necessary course materials, participate in exercises and upload completed material.
“It’s quite literally everything,” Rutgers University sophomore Travis Park, a civil engineering major, told NBC News on Friday.
“It’s a tool that does everything for us. This is how we communicate with professors, how we request any alterations to our grades, it’s where we can see our grade book throughout the semester.”
The hacking group ShinyHunters claimed in a May 3 statement that it had obtained about 6.65 terabytes of Canvas data from 9,000 schools worldwide.
Then on Thursday, students and staff across America logged into Canvas and reported finding a note from the hackers and a warning: if demands are not met by the end of Tuesday, everything would be leaked.
Late Thursday night, Canvas, which has more than 30 million active users around the world, from kindergartens to all Ivy League universities, was beginning to come back online, according to Utah-based parent company Instructure. But many students and faculty were still feeling the effects of the hack on Friday.
The Canvas hack amounted to several hours of inconvenience for MIT MBA student Zara Inam, who said this incident caused her to consider the security risks Americans appear to be trading in exchange for the convenience of centralized digital services.
“If you think about your day-to-day life and the convenience of having everything in one place vs. the risk of having one potential, big random event like this, you probably don’t think about [the security risks],” Inam said.
“I’m assuming most people also have that same preference to have everything digitalized and centralized in one space. You just think of the ease of day-to-day life (over any risks).”
Schools across America faced different challenges due to the hack.
- Penn State, one of the nation’s largest schools, got its Canvas system back up and running Friday afternoon but not after cancelling exams set for the Pollock Testing Center on Thursday night and Friday.
- The University of Illinois, also one of America’s biggest public schools, postponed final exams and work that had been due on Friday, Saturday and Sunday.
- UNLV was back on Friday morning but asked professors to allow students to turn in work, due Thursday, Friday or Saturday, late.
- Mississippi State pushed Friday final exams to Saturday.
- The University of Tennessee moved all finals set for Friday to Saturday.
- Finals at Mount Saint Mary’s University in Maryland were still slated for Saturday and Monday through Thursday. But the school is urging all students and teachers to print out all reading material they might need from Canvas as a precaution, according to history professor Christopher Schaefer.
- Rutgers canceled finals that had been set for Friday on its New Brunswick campus with no immediate makeup date. The last finals at New Jersey’s flagship university had been set for Wednesday.
While the Rutgers sophomore Park is a native of Northern New Jersey and can easily come and go to campus from home, many of his schoolmates are from other corners of America.
Many of those students had scheduled themselves to leave New Jersey moments after their last final exam, he said — plans that are now in limbo.
The Canvas shutdown amounted to an unwelcome nine-hour break for University of Iowa political science professor Sara Mitchell, who was suddenly prevented from grading papers between about 2:40 p.m. to 11:46 p.m. on Thursday, when the school finally came back online.
The outage also resulted in an unexpected educational gift for Mitchell, who teaches international relations, which includes lessons on modern warfare.
As she lectured students on recent U.S.- and Israeli-led cyberattacks on Iran, Mitchell didn’t sense her students really grasping the devastating impact of cyber warfare.
“Yeah, I guess this was good timing, we had just talked about this,” Mitchell joked. “When you talk about all of these terminologies like ‘degrade’ or ‘denial of service,’ it’s hard for them to really wrap their minds around what it is.”
Now, she hopes, students have a firm, lived experience, understanding.
“I mean our entire financial system is vulnerable, our electrical grid is vulnerable especially when these cyberattacks get more sophisticated,” Mitchell said. “They really could create a lot of problems and could be used in a more offensive way.”
Origins of Thursday’s intrusion date back to April 29, when the company said it “detected unauthorized activity in Canvas” and “immediately revoked the unauthorized party’s access, started an investigation, and engaged outside forensic experts,” the company said.
“Instructure recently identified unauthorized activity in Canvas LMS,” according to a company statement. “We took immediate steps to contain the activity, brought in outside forensic experts, and notified law enforcement. “
