BBCC issues alert over potential data breach
Schools worldwide use Canvas management platform.
MOSES LAKE — Big Bend Community College officials say they are aware of a recent cybersecurity incident involving Canvas, a learning and data management platform widely used by colleges and universities across the country.
“This is a nationwide issue,” said Matt Killebrew, BBCC’s director of communications, in a May 8 press release.
As of 11 a.m. Friday morning, all services were back online, he said.
Citing publicly available information, the college said a criminal extortion group has claimed responsibility for a breach that may have exposed certain user data, including names, email addresses, student ID numbers, and messages exchanged within the Canvas platform.
Instructure, the company behind Canvas, issued an update Thursday evening which said the system is available for most users.
According to BBCC, the company has indicated that there is currently no evidence that sensitive information such as passwords, financial data, or government identification numbers was compromised.
At this time, Killebrew said, the college is actively monitoring communications from Instructure and relevant cybersecurity authorities “to better understand the scope and impact of this incident.”
“Protecting the privacy and security of our students, faculty, and staff is a top priority,” he said. “We are working closely with our partners and the State Board of Community and Technical Colleges to stay informed and will take any necessary actions to safeguard our campus community.”
The Associated Press reported on Friday that a hacking group called ShinyHunters claimed responsibility for the breach at Canvas. ShinyHunters was described as a loose affiliation of teenagers and young adults based in the U.S. and the United Kingdom who have been tied to other cyberattacks.
The Canvas platform is used by thousands of schools worldwide for management of grades, assignments, online lectures, and more, said the AP. It said security experts believe the intrusion was purposely timed now as students are preparing for final exams and end of the traditional school year.
Big Bend’s spring quarter final exams are scheduled June 11-16.
While an investigation is ongoing, BBCC students, employees, and Canvas users are urged to take precautionary measures, including:
√ Being cautious of unsolicited emails or messages requesting personal information or login credentials;
√ Avoiding clicking on unfamiliar links or attachments;
√ Monitoring accounts for unusual activity;
√ Updating passwords regularly as a best practice.
The college will continue to provide updates as more information becomes available.
