Southeast Texas universities affected by data breach involving Canvas software

Canvas, a learning management system used by thousands of schools and universities, was offline Thursday during a cyberattack, creating chaos as students tried to study for finals and underscoring the education system's dependence on technology.

Local universities, including Texas A&M University and the University of Houston, confirmed that their students were affected by the Canvas cybersecurity incident.

Other schools, including Texas Southern University, University of Houston - Downtown, Houston City College, and Prairie View A&M, all say they use Canvas through their websites.

The hacking group named ShinyHunters claimed responsibility for the breach at Instructure, the company behind Canvas, said Luke Connolly, a threat analyst at the cybersecurity firm Emisoft. Instructure didn't immediately respond to a request for comment or questions about whether the system was taken down as a precaution or because the hackers knocked it offline.

The hacking group posted online that nearly 9,000 schools worldwide were affected, with billions of private messages and other records accessed, Connolly said.

Screenshots Connolly provided showed that the group began threatening to leak the trove of data on Sunday, setting deadlines for Thursday and May 12. Connolly said the later date indicates that discussions regarding extortion payments may be ongoing.

Rich in digitized data, the nation's schools are prime targets for far-flung criminal hackers, who are assiduously locating and scooping up sensitive files that not long ago were committed to paper in locked cabinets. Past attacks have hit Minneapolis Public Schools and the Los Angeles Unified School District.

Instructure has not posted about the attack on its social media. Its Canvas is used to manage grades, course notes, assignments, lecture videos, and more.

Connolly said the Canvas attack is strikingly similar to a breach at PowerSchool, another learning management system. In that case, a Massachusetts college student was charged.

Connolly described ShinyHunters as a loose affiliation of teenagers and young adults based in the U.S. and the United Kingdom. The group has also been linked to other attacks, including one targeting Live Nation's Ticketmaster subsidiary.

Universities and school districts quickly began notifying students and parents.

The University of Houston provided a statement to Eyewitness News that read in part:

"The University of Houston is aware of a global service disruption affecting the Canvas LMS platform, which is currently unavailable due to a cybersecurity incident involving its parent company, Instructure. The UH UIT team is actively investigating and monitoring this situation."

On Thursday evening, Houston ISD sent a statement to its staff regarding the cybersecurity incident.

"This afternoon, a cybersecurity incident involving Canvas impacted school districts and other institutions nationwide. The issue is related to the Canvas platform and is outside of HISD's control. Canvas is actively working to secure its systems and restore access as quickly as possible, and HISD teams remain in communication with the provider regarding updates and restoration efforts.

While Canvas works to resolve the issue, HISD is standing up a temporary Google site to provide access to curriculum materials. The site is expected to be available within the next few hours, and we will send an additional update once it is live.

We recognize the disruption this may cause and appreciate your patience and cooperation as Canvas works to resolve the issue and HISD implements a solution to ensure teachers have the resources they need for instruction. Our priority is to minimize disruption and continue supporting teaching and learning during this outage."

Schools across the country, from the University of Iowa to Virginia Tech to Harvard University, have all confirmed they have been affected by the Canvas hack.

The Associated Press contributed to this report.