
MCPS temporarily shut down its educational software MyMCPS Classroom (Canvas) following a global security attack on the platform.
A cyber attack shut down Canvas on May 7, resulting in millions of students and teachers temporarily losing access to all their classroom materials on the platform. Canvas is a popular digital classroom used by over 8,000 institutions ranging from school districts like MCPS to top universities all over the world.
A group of hackers calling themselves ShinyHunters set out a ransom note on May 3 claiming that they had broken into over 275 million individuals’ data and that they had access to billions of private messages shared through the platform. The hackers gave Canvas’s parent company, Instructure, a deadline of May 6 to reach out and come to an agreement. Then, on May 7, the hacking group was said to have given schools affected by the outage a deadline of May 12 to negotiate their own settlements.
When Canvas initially went down on May 7, Instructure put out a message claiming that the platform was undergoing maintenance. On the morning of May 8, the company officially announced that an “unauthorized actor” had exploited an issue pertaining to Canvas’s Free-For-Teacher accounts.
Instructure has assured users that no passwords, birthdays, government identifiers or financial information were involved in the cyberattack.
While Canvas was made accessible to customers across the world on the evening of May 7, MCPS decided to hold access to the platform for its users. MCPS announced on their website that the platform could be back to full functionality as soon as May 8 at 7:45 a.m.
“Out of an abundance of caution, Montgomery County Public Schools is continuing to restrict access to the system until all services have been reviewed and confirmed safe for use,” MCPS published in a message on their website. “MCPS technology and security staff are actively testing and evaluating systems before making myMCPS Classroom available to students and staff.”
Canvas was made available again to all MCPS users on the evening of Sunday, May 11.