By Josh Siatkowski | Staff Writer
Baylor will delay all final exams scheduled for tomorrow, after a nationwide Canvas outage has left the university without access to the learning software and all of the study materials stored within it.
“I recognize that the nationwide situation with Canvas being down is seriously disrupting your preparations for final exams,” an email sent from Provost Nancy Brickhouse’s office on Thursday evening reads. “After careful consideration of the circumstances, we have decided to delay final exams tomorrow, Friday, May 8th.”
As the outage timeline remains unclear, Brickhouse also said the Office of the Provost will share more information tomorrow regarding Saturday’s finals and a make-up plan for tomorrow’s exams by noon tomorrow.
Instructure, Canvas’ parent company, was infiltrated by the hacker group ShinyHunters as early as Sunday, which led to the outage. Hackers threatened to release the data they obtained in the breach, which includes student names, ID numbers, course registrations and messages if the affected universities or Instructure did not pay a ransom by May 12. In response to a ransom note from the group, Instructure took Canvas offline around 4 p.m. Central Time today.
ShinyHunters is a hacking group focused on cyberattacks for financial gain. The group began in 2020 and has since claimed to successfully attack 91 victims. It said that around 9,000 schools have been affected by the breach, attaching to the ransom note a file listing all of the institutions it claims to have affected.
While Baylor was listed in these 9,000 schools, it was not specifically targeted, the university said. A release from BaylorITS published yesterday morning said that while some data was breached, Bear ID passwords were not leaked.
“BaylorITS was notified yesterday afternoon that a data breach at Instructure, whose Canvas platform supports learning at 41% of higher education institutions in North America, has impacted Baylor’s data stored on their servers,” the release, published around 11 a.m. on May 6, reads. “Because Baylor uses DUO two-factor authentication, Bear ID passwords were not stored on Instructure’s servers. This incident was not directed at Baylor, but is part of a larger breach that impacted a yet to be determined number of their higher education customers.”
Following the initial release this afternoon was the announcement of Instructure’s decision to take Canvas entirely offline, which was prompted by ShinyHunters’ ransom note.
“Users should not attempt to engage with or respond within the Canvas system until further notice,” the release from BaylorITS reads. “Our teams are actively monitoring the situation and working with the vendor toward resolution.”
Baylor advised precaution around “phishy” emails and avoiding unknown links and encouraged all suspicious messages to be forwarded to abuse@baylor.edu. BaylorITS also said students should not engage with Canvas until further notice, even if it comes back online.
University updates regarding the situation can be found here.
