The national/international outage of Canvas has been resolved. We realize the outage was very disruptive, but we appreciate your continued patience. We will continue to monitor the situation and will update our System Status page as we learn more. In addition, Instructure has published information about the incident.
What happened?
According to Instructure, they detected unauthorized activity in Canvas on April 29. They immediately revoked the unauthorized party’s access, started an investigation, and engaged outside forensic experts. On May 7, Instructure detected additional unauthorized activity tied to the same incident. The unauthorized actor made changes to pages that appeared when some students and teachers were logged in through Canvas. Out of caution, Instructure temporarily took Canvas offline into maintenance mode to contain the activity, investigate, and apply additional safeguards.
Why did Ohio State continue to keep CarmenCanvas offline when other universities had reinstated access?
Because our finals are completed, we did not want to rush our analysis. Out of an abundance of caution, we took aditional time to review the system to ensure the system is completely safe for our users. We expect to bring the systems back online in a phased approach; CarmenCanvas, the main academic learning management system, may come online before ScarletCanvas, our continuing education and professional learning management system.
I am a student, will the posting of grades be delayed?
Graduating seniors’ grades were due on May 6 at noon. The university is still contemplating extending the deadline for posting final grades. That may delay the visibility of grades to students who are not graduating on May 10.
Was my information compromised?
According to information released by Instructure, names, email addresses, student ID numbers, and messages among Canvas users were taken by the bad actors during an incident on April 29. They have found no evidence that passwords, dates of birth, government identifiers, or financial information were involved in the May 7 attack. The investigation is ongoing, and they plan to share more as findings are verified.
As a student what should I do to protect my information?
Following any cybersecurity threat, all users should exercise additional caution related to possible phishing attempts. Do not respond to messages requesting personal information.