UCC and MTU affected after global cyberattack targets Canvas education platform

Cork universities were among thousands of schools internationally to be hit by a cyberattack on Thursday.

University College Cork and Munster Technological University had learning tools offline yesterday after a cyberattack breached Instructure, the company behind the learning management system Canvas, which both institutions use.

However, the global cyberattack mainly affected the platform on Thursday night in Ireland, minimising disruption for staff and students.

The majority of end-of-year exams in UCC have also finished, with the last few exams scheduled for Friday and Monday.

However, it is not yet known whether data was stolen in the attack.

UCC said that all systems are working normally again, after the university's Canvas was impacted by the international outage overnight.

"We have been working with Instructure, the providers of Canvas, who have confirmed this morning that the latest outage has been resolved, and systems have returned to normal operation," a statement from UCC on Friday said.

"UCC this morning contacted staff and students to update them on the situation. At this time there is no evidence to indicate that data pertaining to UCC students or staff has been made available.

"No other UCC systems have been affected and we will continue to monitor the situation."

MTU said that it is now engaging with the tech company Instructure "to understand the nature and extent of any potential impact on the University community."

"We are communicating directly with students and staff and advising them to remain vigilant, particularly in relation to suspicious emails, links or attachments," a statement from MTU released on Friday said.

MTU confirmed that Semester two exams will run from May 11 to 21 as per the institution's academic calendar.

"Earlier this week, Instructure, a US-based education technology company and the provider of Canvas, the Learning Management System (LMS) used by MTU, reported it had experienced a cybersecurity incident affecting universities and students across the world," a statement from MTU said.

"Munster Technological University has since been informed by Instructure that MTU is one of the institutions impacted by this global cybersecurity incident."

Thousands of schools and universities worldwide were affected on Thursday during the cyberattack, as many students tried to study for finals and end-of-year exams.

The hacking group ShinyHunters claimed responsibility for the breach at Instructure, according to Luke Connolly, a threat analyst at the cybersecurity firm Emsisoft.

Mr Connolly described ShinyHunters as a loose affiliation of teenagers and young adults based in the US and the United Kingdom. The group has also been linked to other attacks, including one targeting Ticketmaster, a subsidiary of Live Nation.

Instructure did not immediately respond to requests for comment or questions about whether the system was taken offline as a precaution or because hackers disabled it.

The hacking group posted online that nearly 9,000 schools worldwide were affected, with billions of private messages and other records allegedly accessed, Mr Connolly said.

Screenshots provided by Mr Connolly showed the group began threatening on Sunday to leak the data, giving deadlines of Thursday and May 12. He said the later date suggested discussions regarding extortion payments may still be ongoing.

Schools are increasingly becoming targets for cyber criminals because of the large volumes of digitised data they hold, much of which was previously stored in paper records.

Instructure has not posted about the attack on its social media channels. Its Canvas platform is used to manage grades, course notes, assignments, lecture videos, and other learning materials.

Mr Connolly said the Canvas attack was strikingly similar to a breach at PowerSchool, which also provides learning management tools. In that case, a Massachusetts college student in the US was charged.