Starting at 5 p.m., members of the Notre Dame community found themselves unable to log on to Canvas, the University’s learning management system, which is owned by Instructure.
At 5:37 p.m., the Office of Information Technology sent an email, approved by Dan Skendzel, assistant vice president of academic and community technology experience, to faculty, students and staff.
The email advised faculty administering exams via Canvas to “transition to alternate methods for delivering them.” Alternative methods for assignment submission were also mandated.
According to a press release from OIT, “University teams are actively evaluating the operational and academic implications of this incident, including impacts to courses, integrations, and related instructional tools.”
The email says OIT is monitoring the situation. The office is directing people to its website for “the latest service status updates.”
According to the email, “It is unclear the extent of the data breach, however Instructure, the parent company of Canvas has said there is no indication that passwords, dates of birth, government identifiers, or financial information were involved in this incident.”
“Instructure has confirmed that it is investigating unauthorized activity affecting its environment and has taken steps to contain the incident and strengthen platform security,” the press release read. “At this time, we do not yet know whether Notre Dame data was involved in the compromise. The University is working directly with Instructure to determine the scope of any potential impact to our students, faculty, staff, and academic operations.”
A message from the hackers reads, “ShinyHunters has breached Instructure (again). Instead of contacting us to resolve it they ignored us and did some ‘security patches’.”
Message from ShinyHunters on the data breach.
ShinyHunters has claimed nearly 275 million individuals and around 9000 schools are affected.
The email from OIT says they “understand the timing is critical given the end of finals and upcoming grading deadlines,” and “will provide detailed instructions and guidance on how to proceed.”
