Steve Daly, the CEO of Instructure, apologized after a nationwide cyberattack on Canvas caused a major data breach.He wrote a letter addressing the Instructure
Canvas, a learning management system across all school levels in the state, was the victim of a cyberattack that compromised student, teacher, and staff data.
Multiple school districts started notifying parents on Thursday, May 7. Steve Daly, the CEO of Instructure, apologized after a nationwide cyberattack on Canvas caused a major data breach. He wrote a letter addressing the Instructure community. Canvas is now fully back online and available, according to an update from the company.
“Over the past few days, many of you dealt with real disruption. Stress on your teams. Missed moments in the classroom. Questions you couldn't get answered.
You deserved more consistent communication from us, and we didn't deliver it. I'm sorry for that,” Daly said.
“This incident involved unauthorized access to part of our environment. The data fields involved include information such as usernames, email addresses, course names, enrollment information and messages. Core learning data was not compromised. We're still validating all findings, but we want to be clear about what we understand was and wasn't affected,” Daly said.
He said the company focused last week on finding the facts and getting them right before speaking publicly.
“That instinct isn't wrong, but we got the balance wrong. We focused on fact-finding and went quiet when you needed consistent updates. You've been clear about that, and it's fair feedback. We will change that moving forward,” Daly said.
Instructure will now have a dedicated incident update page. He said it will include information on what the company knows, what it’s doing and what comes next.
“Rebuilding trust takes time. We're going to earn it back through consistent action and honest communication. We're in this for you and your community,” Daly said. Over the past few days, many of you dealt with real disruption.
Stress on your teams. Missed moments in the classroom. Questions you couldn't get answered. You deserved more consistent communication from us, and we didn't deliver it.
I'm sorry for that. This incident involved unauthorized access to part of our environment. The data fields involved include information like usernames, email addresses, course names, enrollment information and messages. Core learning data was not compromised.
We're still validating all findings, but we want to be clear about what we understand was and wasn't affected. We also identified a vulnerability regarding support tickets in our Free for Teacher environment that was exploited. We temporarily disabled Free for Teacher while we complete a full security review. We know that's disruptive, and we didn't make that call lightly.
But keeping the entire Canvas platform secure has to come first. Last week, we made a call to get the facts right before speaking publicly. That instinct isn't wrong, but we got the balance wrong. We focused on fact-finding and went quiet when you needed consistent updates.
You've been clear about that, and it's fair feedback. We will change that moving forward. We've launched a dedicated Incident Update page, a single place with what we know, what we're doing, and what's next. We'll post another update within 48 hours and we're working on delivering a summary of the forensics report; which we'll share as soon as it's ready.
Canvas by Instructure is fully operational and remains safe to use. Core learning data is not compromised. We'll give you clear guidance if any action is required on your end. Right now, there's nothing you need to do.
Keep reaching out to your Customer Success teams and through our Community channels. Your feedback is shaping how we respond. Rebuilding trust takes time. We're going to earn it back through consistent action and honest communication. We're in this for you and your community.
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Canvas online system hacked right at the end of the school year, raising data security concernsMaggy Wolanske is a multimedia journalist with Denver7.
Read more »
Canvas hack exposes schools’ vulnerability to cyberattacksThis week’s hack into information from almost 9,000 schools included personally identifying data. It was not the first big edtech breach.
Read more »
University of Illinois resumes final exams, assignments Sunday after Canvas hackThe University of Illinois has resumed final exams and assignments Sunday after a global cyberattack on a popular classroom software.
Read more »
Instructure CEO apologizes after Canvas cyberattack causes data breachSteve Daly, the CEO of Instructure, apologized after a nationwide cyberattack on Canvas caused a major data breach.He wrote a letter addressing the Instructure
Read more »