University of North Florida student information stolen in Canvas data breach

The breach impacted students, faculty and staff at more than 8,000 institutions across the country, and the hackers have threatened to release the data.

JACKSONVILLE, Fla. — Students with the University of North Florida were not spared in the data breach of Canvas, an online tool that hosts learning modules and exams for institutions around the country.

A notice sent out to students and faculty Friday after the service was restored confirmed that UNF was included in the breach, which impacted more than 8,000 U.S. schools and colleges.

This story continues below.

After the vendor, Instructure, detected unauthorized access to its systems on Thursday, Canvas was temporarily taken offline, disrupting classes deep into final exam season. UNF had just ended its semester and finals week days before the breach.

Student, staff and faculty information was obtained by the hacker group identified as “ShinyHunters” in a previous, connected breach on April 29, Instructure said. 

“While Instructure has not yet released the full details of the data included in the breach, they have indicated that identifying information, such as names, email addresses, and student ID numbers, as well as user messages, was exposed,” UNF said in its notice.

The school said it would provide updates to the campus community as details of the breach and the scope of its impacts become known.

Instructure said no additional data appeared to have been stolen on May 7, and there was no evidence that passwords, dates of birth, government identifiers or financial information were exposed.

ShinyHunters gave the software company and schools an ultimatum before they threatened to begin leaking personal data.

“If any of the schools in the affected list are interested in preventing the release of their data, please consult with a cyber advisory firm and contact us privately,” the hackers wrote in a message on a dark web leak site, warning institutions that they had until next Tuesday to make a deal.

Instructure announced that the incident has been contained and that it has since implemented new security measures, notified law enforcement and brought in outside experts to investigate. The source of the breach was identified as the company’s Free-For-Teacher accounts, which have been temporarily disabled.