All students, staff may be affected by Canvas breach in Needham

Officials in Needham, Massachusetts, are “operating under the assumption that all students and staff were affected” by a cybersecurity incident affecting Canvas, software used widely across schools and colleges. Superintendent Dan Gutekanst of Needham Public Schools wrote in a statement that the district learned of the breach May 1 and learned May 7 that data from the district had been downloaded. The district was also notified of a second breach May 7, he said. According to Gutekanst, the information accessed included first names, last names and email addresses for all Needham Public Schools students and staff. Instructure, Canvas’ parent company, said it detected unauthorized activity April 26 and “immediately revoked the unauthorized party’s access” and started an investigation. Instructure on Thursday identified additional unauthorized activity tied to the same incident.”The unauthorized actor made changes to the pages that appeared when some students and teachers were logged in through Canvas. Out of caution, we temporarily took Canvas offline into maintenance mode to contain the activity, investigate, and apply additional safeguards,” a spokesperson said.Additionally, Gutekanst said the district was informed that teacher gradebook data connected to our PowerSchool student information system could have been modified.”Wellesley High School is also a Canvas client, and district officials said the campus is among approximately 9,000 affected institutions. Response to the breachGutekanst said NPS disconnected Canvas from PowerSchool “to prevent any further potential compromise of data or systems.”According to the superintendent, the district requested a complete report on the incident from Instructure. It asked that the report include information about what data was breached or modified. “We are also continuing to closely monitor the situation and review any additional systems that could potentially have been affected downstream,” he wrote. Video below: College finals affected by breach

NEEDHAM, Mass. —

Superintendent Dan Gutekanst of Needham Public Schools wrote in a statement that the district learned of the breach May 1 and learned May 7 that data from the district had been downloaded. The district was also notified of a second breach May 7, he said.

According to Gutekanst, the information accessed included first names, last names and email addresses for all Needham Public Schools students and staff.

Instructure, Canvas’ parent company, said it detected unauthorized activity April 26 and “immediately revoked the unauthorized party’s access” and started an investigation. Instructure on Thursday identified additional unauthorized activity tied to the same incident.

“The unauthorized actor made changes to the pages that appeared when some students and teachers were logged in through Canvas. Out of caution, we temporarily took Canvas offline into maintenance mode to contain the activity, investigate, and apply additional safeguards,” a spokesperson said.

Additionally, Gutekanst said the district was informed that teacher gradebook data connected to our PowerSchool student information system could have been modified.”

Wellesley High School is also a Canvas client, and district officials said the campus is among approximately 9,000 affected institutions.

Response to the breach

Gutekanst said NPS disconnected Canvas from PowerSchool “to prevent any further potential compromise of data or systems.”

According to the superintendent, the district requested a complete report on the incident from Instructure. It asked that the report include information about what data was breached or modified.

“We are also continuing to closely monitor the situation and review any additional systems that could potentially have been affected downstream,” he wrote.

Video below: College finals affected by breach

All students, staff may be affected by Canvas breach in Needham

Tags: