Australian educational facilities impacted as ‘criminal’ hacks Canvas learning platform
An educational institution says the personal data of some of its students has been compromised, following a cybersecurity attack on an international learning management system.
A security breach of the cloud-based Canvas learning management system, developed by American company Instructure, occurred on Saturday, May 2 (Australian time).
It is used by schools, universities and vocational education facilities across the world, including Australia, to deliver and manage learning for students and staff.
Sydney, Adelaide, Tasmanian educational institutions assessing breach
In a statement, University of Technology Sydney (UTS) Deputy-Vice Chancellor Kylie Readman said the facility was working with Instructure to confirm what data had been compromised and to “fully understand potential impacts”.
A spokesperson for Flinders University in Adelaide said it had been informed that student and staff data within the Canvas platform “may have been impacted”.
Tasmania’s Technical and Further Education Institute (TasTAFE) said in a statement that it had been notified by Canvas’ parent company, Instructure, that a “criminal third party” had accessed their data.
“Based on current advice, the data involved may include some personal information, including content stored within Canvas such as messages,” they said.
“There is no indication that passwords, dates of birth, government identifiers, or financial information were involved.
“This incident relates to Instructure’s systems and was not the result of a breach of TasTAFE’s own systems or processes.”
TasTAFE says there is no indication passwords or financial information were taken in the cyber attack. (ABC News)
Ross Smith, the acting secretary of Tasmania’s Department for Education, Children and Young People (DECYP) said the department has not been informed if any Tasmanian public school data has been obtained.
“Should any sensitive or personal information be affected, DECYP will work with Instructure to manage harm and ensure that those affected are notified as soon as possible and offered assistance and support as required,” Mr Smith said.
Both TasTAFE and DECYP said Instructure had engaged external cybersecurity specialists to investigate the incident, and that Canvas was still operational for both entities.
On Monday, RMIT said it was working to confirm if any of its data had been involved.
“Canvas is operating as normal and we’ll provide further information on this page if there are any impacts to students,”
they said.
Instructure has been contacted for comment.
