Students around San Diego County on Friday were slowly regaining access to Canvas, an online learning system used on campuses of all grade levels, following a cyberattack that took the education system offline for at least a day.
Read more From ‘Just Say No’ to Narcan: How drug education is changing in a modern world
The company that runs the education management tool, Instructure, said Friday the system was back online, although many local schools said they were running their own independent safety checks to ensure their own campus systems were safe.
The chaos left students across the county — many of whom were in the midst of finals — in the lurch, wondering if their assignments could be turned in or would be postponed. The online tool manages grades, lectures, course notes and readings.
Early Friday, UC San Diego officials, as well as other campuses, said the system had been brought back up, but they asked for a third-party certification to ensure the system was safe for users. They asked students to continue avoiding accessing Canvas until they had ensured data within the system had not been altered or destroyed.
The San Diego Community College District, which encompasses City College, Mesa College, Miramar College and the College of Continuing Education, said it was using the California Community Colleges Chancellor’s Office security center to review and validate the system.
“Accordingly, we have disabled local access to Canvas until we receive notice from the CCCCO it is safe to do so,” Chancellor Gregory Smith said. “I strongly recommend everyone who has accessed Canvas to ensure they have logged out, close the Canvas app or web browser, and do not log in until we send a notice it is safe to do so and restore local access.”
The California State University website, which includes San Diego State University and Cal State San Marcos, said that the schools would be working through the early afternoon to reintegrate their campus systems with Canvas. Canvas was available to SDSU students as recently as of 1 p.m. Friday.
Student chatter on social media fluctuated between some commenters upset that their tests or assignments would be canceled and others planning beach days in light of the system being down. William Simpson, president of Associated Students at UCSD, said it was students who brought news of the downed system to the administration.
“From a student perspective, I don’t think it’s too much of a disruption, as long as they extend the deadline for our exams and quizzes,” Simpson said Friday. “We don’t want to have to submit our assignment by email. It can be a bit confusing if we don’t have access to our syllabus (and course materials).”
The situation has been a special nightmare for the Community College District, which has suffered at least two separate cyberattacks in the last week.
Read more Schools often don’t have any standardized drug education, relying on patchwork programs
The district worked through last weekend to get the first attack under control by Monday. But as Smith, the district’s chancellor, was driving to work, it started to become apparent that a second, much bigger assault was coming.
It could not have come at a worse time.
“Right now we need to be finalizing grades, and we have to send information that students need to transfer to other institutions,” Smith said Friday. “I was concerned that there might be delays for those who were going to CSU and UC campuses and that we might have to tell students, ‘You can’t transfer this semester.’ That would have been devastating.”
To everyone’s relief, the problem regarding transcripts was resolved, but Canvas remained a problem as of Friday.
Tony Anscombe, chief security evangelist at ESET, said in a phone interview Friday that the value of data isn’t always considered, and school districts and their service providers have “pretty significant sensitive data.”
When a person enrolls at school, they could hand over medical information or payment information.
“That’s why school districts are, unfortunately, a target because they hold a lot of rich data,” he said. “Now, on the other side of that, as well, is school districts can be seen as an easier target because of limited budget and limited resources, they may well be seen to have weaknesses in their security that could be exploited.”
A letter sent to San Diego Unified families said that the district would restore access to teachers and families to Canvas Friday afternoon. The letter said that Instructure, the vendor, had completed security fixes and restored use of Canvas.
“We are proceeding cautiously and are confident that resuming use of Canvas does not present a security risk,” wrote W. Drew Rowlands, deputy superintendent of operations.
In a statement that displayed on students’ screens Thursday when they tried to log in to Canvas, the hacker group ShinyHunters took credit for the cyberattack. The group asked for “a settlement” but did not specify what its demands were of Instructure.
Read more Academic institution will vet plan to replace San Diego’s Golden Hall with educational center
