Editor’s note: This is the second staff report in a series covering the recent Canvas outage.
Around 10:40 p.m. Thursday night, Canvas came back online for most users at the University of Notre Dame.
At 12:01 a.m., May 8, the Office of the Provost sent an email, signed by Ron Metoyer, vice president and associate provost for teaching and learning, and Chuck Hurley, assistant vice president and University registrar, to the Notre Dame community regarding what the outage means for grades, Friday exams and graduation.
The email informed faculty, “the deadline for submission of final grades has been extended by 24 hours — grades will now be due by 3:45 p.m. on Tuesday, May 12.” However, the message specified that unaffected faculty should still submit their grades by the original Monday deadline to “assist with important grade processing and degree certification for our graduating seniors.”
The email advised students to communicate with faculty about their exams and assured seniors that graduation would remain unaffected.
An email from the Hurley at 5:07 p.m. on May 8 informed students they would be able to begin viewing grades on InsideND at 5 p.m. on May 11. Final grades, GPA and academic standing will be available beginning 10 p.m. on May 12. The deadlines for faculty have not changed since the update from the office of the provost. Law School deadlines are established separately.
In an update to its original press release, the Office of Information Technology advised community members to “remain alert for suspicious emails, messages, or requests that reference Canvas, coursework, grades, account access, or University systems,” reminding community members, “Notre Dame will never ask for your password by email.”
Additionally, the office recommended that faculty download course grade information in case of recurring Canvas issues.
Instructure, the parent company of Canvas, stated that unauthorized activity was detected on April 29. In response, they “immediately revoked the unauthorized party’s access, started an investigation, and engaged outside forensic experts.”
On May 7, the company discovered “additional unauthorized activity tied to the same incident.” For affected individuals, this changed the pages that appeared for some users after logging in. In response, Instructure took Canvas offline.
“Out of caution, we temporarily took Canvas offline into maintenance mode to contain the activity, investigate and apply additional safeguards,” the Instructure update page reported.
Instructure reports that hackers obtained access to “certain personal information of users at affected organizations. That includes names, email addresses, student ID numbers and messages among Canvas users.” However, they “have found no evidence that passwords, dates of birth, government identifiers, or financial information were involved.”
Law enforcement, including the FBI and the U.S. Cybersecurity and Infrastructure Security Agency, have been notified.
“At this time, we do not yet know whether Notre Dame data was involved in the compromise,” OIT stated in a press release.
