Wisconsin universities and schools impacted by Canvas data breach

WAUSAU, Wis. (WSAW/GRAY NEWS) – A ransomware group has claimed to have breached the learning management system Canvas, possibly exposing the personal information of students, teachers and staff across the country.

According to a statement from the Universities of Wisconsin website, they were notified of a nationwide security breach experienced by Instructure, the provider of Canvas. Universities of Wisconsin schools use the cloud-based management system.

UW-Stevens Point tells NewsChannel 7 they have not confirmed UWSP was involved in the breach, but did send communication that Canvas was down and students should not perform any asked actions if prompted, as it may not be legitimate while Canvas is down.

Instructure, the parent company of Canvas, posted on May 1 about a cybersecurity incident that had been reported and was under investigation.

The next day, Chief Information Security Officer Steve Proud wrote that the information involved in the attack included names, student ID numbers, messages between users and email addresses.

“At this time, we have found no evidence that passwords, dates of birth, government identifiers, or financial information were involved. If that changes, we will notify any impacted institutions,” he wrote.

The Wausau School District sent a letter to parents Wednesday regarding the cybersecurity incident. They said there is no evidence that passwords, single-sign-on credentials, financial information or social security numbers were impacted. They stressed that type of information is not stored in Canvas.

Click here to download the WSAW news app or WSAW First Alert weather app.

Click here to submit a news tip or story idea.