A national security breach on the online learning platform Canvas is hitting K-12 schools and universities across the country—and in Michigan.
Earlier on Friday, the University of Michigan warned students to log out of Canvas immediately in order to protect their data.
“We recognize the disruption this may cause, particularly during a busy time of year, and we are working as quickly and carefully as possible to restore access when it is safe to do so,” said Ravi Pendse, the VP for Information Technology and Chief Information Officer at U of M, in a statement.
On Friday afternoon, U of M sent an email saying, "Users should now be able to log back into Canvas and resume normal activity. Some integrations or connected services may continue stabilizing as restoration activities are completed."
The outage also hit Eastern Michigan University and Wayne State University.
“We are working with Instructure to restore access as soon as possible. We understand the inconvenience this creates as we end the winter semester and begin spring/summer classes,” Wayne State University said in a statement.
The company that developed Canvas, Instructure, says it's now back online. According to Instructure's status page, Canvas is now available for most users, but Canvas Beta and Canvas Test are still in maintenance.
But some schools, like Highpoint Virtual Academy of Michigan, said Canvas is still temporarily unavailable. The Academy canceled classes on Friday May 8, telling students to remain off Canvas and to not click on any pop-up links. It said it’s “investigating an escalation in the Instructure Security incident.”
Classes were also canceled at the Michigan Great Lakes Virtual Academy, due to the “ongoing Canvas/Instructure outage.”
Instructure reports that it initially detected unauthorized activity in Canvas on April 29. It revoked access and began to investigate, engaging outside forensic experts.
The incident this week was tied to this previous one, the company said. The cyberattack changed the appearance of the pages of Canvas when students and teachers were logging in.
“Out of caution, we temporarily took Canvas offline into maintenance mode to contain the activity, investigate, and apply additional safeguards,” Instructure said.
Editor's note: U of M holds Michigan Public's broadcast license.
