Body
As many of you are aware, over the past week Instructure Canvas has been the victim of a malicious cyberattack. At this time, Instructure reports that Canvas is up and operational and that their external forensic partner has reviewed the known indicators and found no evidence that the threat actor currently has access to the platform.
The details of the breach are still being discovered, but at this time we have confirmed with Instructure the following:
Thus far, indications are that the information involved consists of certain identifying information of users at affected institutions, such as names, email addresses, and student ID numbers, as well as messages among users. At this time, we have found no evidence that passwords, dates of birth, government identifiers, or financial information were involved. If that changes, we will notify any impacted institutions.
This was not an attack targeting SU specifically, but rather an attack on Canvas' system. OIT is working with Shenandoah's legal team, Instructure, and the university's Cyber Insurance provider to determine next steps as well as the specifics of any data that may have been compromised. As we learn more, information will be shared.
Devon Taylor, Ed.D.
Associate VP & CIO