This article was republished with permission from WTOP’s news partner InsideNoVa.com. Sign up for InsideNoVa.com’s free email subscription today. Read the article on Inside Nova.
Prince William County Public Schools is among the thousands of schools and colleges impacted by an outage in Canvas after the parent company of the education app was hit by a cyberattack.
Canvas, a platform owned by Instructure, is used by school divisions, colleges and universities for course content, assignments and grades.
On its website, Instructure said the outage is related to unauthorized activity in Canvas detected on April 29. On May 7, Instructure identified additional activity tied to the same incident.
The company said it temporarily shut down Free-For-Teacher accounts, but Canvas is “fully back online and available for use.”
While Instructure said Canvas is fully online, an alert on Prince William County Public Schools’ website indicates users in the school system are still having difficulty accessing the platform.
“We are aware of the error appearing when accessing Canvas and are actively working with the vendor to resolve it,” the alert says. “The issue is not just impacting PWCS and is widespread and national in scope. We will provide updates when the vendor has resolved the issue.”
As for what kind of user information was accessed during the data breach, Instructure said the data taken in the April 29 incident includes “certain personal information of users at affected organizations.” That information includes names, email addresses, student ID numbers and messages among Canvas users.
Instructure said it has no evidence passwords, dates of birth, government identifiers or financial information were involved. Based on the investigation to date, Instructure said it has not found evidence that data was taken during the May 7 activity.
In a letter sent to students, parents and staff on Friday, Prince William County schools said it had restored access to Canvas for students and staff.
The school system underscored student and staff passwords are managed with division systems and not shared with Canvas.
While access to the platform has been restored, the school system temporarily advised teachers not to rely on it.
“At this time, Canvas and Mastery Connect access may continue to be unreliable. As a result, teachers have been advised temporarily not to rely on Canvas or Mastery Connect for submitting or collecting student work and to prepare alternative instructional and assignment submission plans should Canvas become inaccessible again,” the letter said.
Based on information provided by Instructure, the school system said, there is no evidence student or staff login credentials were accessed, no indication student or staff data was taken, and that the activity appears to have been limited to changes in page appearance only.
The school system said it will continue to assess the situation and provide updates as more information becomes available.
