Middle GA schools provide updates after nationwide cyberattack. What we know

Thousands of universities and schools K-12 across the country have been impacted by a data breach Thursday that targeted Canvas, a learning management platform widely used by staff and students.

A cybercriminal hacking group claimed responsibility for a nationwide cyberattack on educational tool Canvas, which is operated by the vendor Instructure, according to Reuters. The system was shut down in response to the breach, and campuses were locked out of the online platform.

Several Middle Georgia schools shared security updates, including Mercer University, the Bibb County School District and the Houston County School District.

In an online statement, the Houston County School District said it uses Canvas to share lessons, submit assignments and communicate with teachers. Officials said Instructure informed the district that a hacker obtained certain data associated with Canvas accounts but did not provide details about exactly what information may have been compromised locally.

“Instructure has not yet provided us with school-specific details, so we do not know the full extent the Houston County School District was directly impacted,” the district said.

Student passwords, dates of birth, Social Security numbers and financial information were not involved, the district said. But some user information, including names, school email addresses, classroom assignments and internal Canvas messages, may have been involved, according to Instructure.

The incident did not impact internal technology infrastructure used by the Houston County School District, officials added.

In a statement Friday, the Bibb County School District said it also was part of the Canvas breach, but no internal district systems were compromised.

Bibb County Schools urged families to remain vigilant, avoid clicking links or attachments from unknown sources and report any unusual activity.

Mercer University spokesperson Jennifer Fairfield said Friday that Canvas is currently available, and officials will provide additional updates regarding status changes.

The three schools said they will continue to work with Instructure while monitoring updates and coordinating response efforts from the vendor.

The Georgia Department of Education said Friday afternoon it has not received detailed guidance from Canvas regarding the impact and scope of this incident, including which institutions may have been affected

State leaders have, however, implemented security protocols and directed Georgia Virtual School students and staff not to use the platform until further notice.

“We continue to coordinate with the Georgia Technology Authority and the Georgia Emergency Management and Homeland Security Agency on this matter,” GaDOE spokesperson Meghan Frick said in an email Friday.

Frick added that some districts may contract independently with Canvas, noting that this is a “vendor platform issue” and not a specific issue with the state department.

“As we continue to coordinate with GTA and GEMA/HS, we will advocate to ensure local school districts have the support they need as more details evolve,” Frick said.