Following a widespread security breach involving the Canvas Learning Management System, the Department of Education detailed its response and provided recommendations for institutions.
In a May 12 Electronic Announcement, the Department of Education stated that they have been actively working with Instructure Holdings, Inc, the parent company of the Canvas Learning Management System (Canvas) after the announcement that the platform had been hit by ransomware. Canvas is a learning platform used by K-12 schools and institutions of higher education.
The incident involves unauthorized access to usernames, email addresses, course names, enrollment information, and messages. Instructure has said that there is no evidence that passwords, dates of birth, government identifiers, or financial information have been compromised.
The Department is analyzing incoming information as the investigation continues and has requested information from Instructure to ensure compliance with the Family Educational Rights and Privacy Act (FERPA).
The article also includes a number of recommendations from the Department on how schools can report incidents and recommended immediate actions, such as multi-factor authentication and implementing strong password and security policies.
Instructure is providing the latest information on the Instructure Status Page at instructure.com/incident update and encourages users to monitor the page for updates. The Department will issue updates as new details are available.
