Educational institutions across the United States, including several in Michigan, are grappling with a significant security issue on the Canvas online learning platform. This breach has led to widespread disruptions at K-12 schools and universities.
Earlier on Friday, the University of Michigan (U of M) advised its students to log out of Canvas immediately as a precautionary measure to safeguard their data. Ravi Pendse, U of M’s Vice President for Information Technology and Chief Information Officer, acknowledged the inconvenience: “We recognize the disruption this may cause, particularly during a busy time of year, and we are working as quickly and carefully as possible to restore access when it is safe to do so.”
Later that afternoon, U of M reported that students and staff could now access Canvas and resume typical activities, although some services connected to Canvas might still be stabilizing. The outage also affected Eastern Michigan University and Wayne State University.
Wayne State University issued a statement, saying, “We are working with Instructure to restore access as soon as possible. We understand the inconvenience this creates as we end the winter semester and begin spring/summer classes.”
Instructure, the company behind Canvas, has announced that the platform is operational for most users. However, according to their status page, Canvas Beta and Canvas Test remain under maintenance.
Despite these assurances, some institutions, such as Highpoint Virtual Academy of Michigan, reported continued issues with Canvas accessibility. The Academy canceled classes on May 8, instructing students to avoid the platform and not to interact with any pop-up links, citing an “escalation in the Instructure Security incident.”
Similarly, the Michigan Great Lakes Virtual Academy also canceled classes due to the ongoing outage.
Instructure’s reports indicate that unauthorized activity was first detected on April 29, leading to the current disruptions. The company responded by revoking access and launching an investigation with the help of external forensic experts. The cyberattack altered Canvas’s page appearance during login attempts by students and educators.
“Out of caution, we temporarily took Canvas offline into maintenance mode to contain the activity, investigate, and apply additional safeguards,” stated Instructure.
Editor’s note: U of M holds Michigan Public’s broadcast license.
