Some major institutions across Canada, including the University of Toronto, University of British Columbia and University of Alberta, are dealing with fallout from a cybersecurity incident involving a popular platform called Canvas.
Instructure, the U.S.-based parent company of Canvas, confirmed last week it was investigating a cyberattack involving a “criminal threat actor.”
While the learning platform is now up and running, many universities and colleges across Canada are suffering prolonged consequences from the cyberattack.
The company said that some user information, including names, email addresses, student ID numbers and messages may have been accessed, though there was no evidence passwords, financial information or government-issued identification were compromised.
ShinyHunters, the group who claimed responsibility for the large-scale data breaches, wrote that it had stolen 275 million individuals’ data “ranging from students, teachers, and other staff.”
University of Toronto posted an update on the security breach Friday morning, saying they shut down its service Quercus as a precautionary measure.
Get daily National news
“Instructure, the third-party provider that provides Quercus, is currently experiencing an ongoing cybersecurity incident,” the university said.
“There is currently no evidence to suggest that other University of Toronto systems or assets have been compromised.”
The university also warned users not to access the platform Canvas while the incident is being investigated independently.
- Pipeline company Enbridge unfazed by rival oil shipping projects
- Surrey School District superintendent made more than half a million dollars last year
- New secondary school to be built in Tumbler Ridge following mass shooting
- Classrooms are growing faster than supports are arriving in Manitoba: survey
-
![]()
Questions being raised after financial documents show Surrey Schools superintendent makes $500k+ -
![]()
NSCC calls 91 job losses ‘necessary’ to balance budget as staff and students voice concerns -
![]()
Classrooms are growing faster than supports are arriving in Manitoba: survey -
![]()
Focus Ontario: Here Come the Cancellations
Meanwhile, the University of Alberta said Friday that users had reported seeing an unauthorized message while trying to access Canvas.
The university later took the platform offline and urged users not to attempt to log in until further notice.
The U of A said the breach is part of a wider issue involving Instructure that has affected roughly 9,000 institutions globally.
The University of British Columbia also said that Canvas is still “unavailable due to a cyber breach involving Instructure, the provider of Canvas,” in an Instagram story on Thursday night.
They further issued a warning, advising students not to log into Canvas and instructing those already signed in to immediately log out and change their passwords.
Other institutions across the country, including Simon Fraser University and OCAD University, also confirmed reported disruptions tied to the incident.
Instructure said in a statement that Canvas is once again fully operational and that it was no longer seeing unauthorized activity.
The company added that it is now working directly with affected organizations and advised customers to review administrator access and rotate security credentials where applicable.
Comments
Comments closed.
Due to the sensitive and/or legal subject matter of some of the content on globalnews.ca, we reserve the ability to disable comments from time to time.
Please see our Commenting Policy for more.