ORLANDO, Fla. — Orange County Public Schools leaders say the Canvas online learning system is safe to use again after a global cyberattack impacted schools worldwide.
School Board member Angie Gallo said district IT and digital teams worked together to secure the system after hackers accessed data tied to more than 275 million users at nearly 9,000 schools.
“To my knowledge, nothing was taken from our site,” Gallo said.
Gallo said users may notice slower performance as students and staff log back into the platform.
“It may bog down or slow down the system for today, so just be patient if you experience any kind of hiccups, but it should be good to,” she said.
Instructure, the parent company behind Canvas, said it reached an agreement with the hackers and received digital confirmation the stolen data was destroyed. But cybersecurity experts say there is no way to know for certain.
“I guess we really never know, but they say that there’s no honor among thieves, but it doesn’t play in their best interest to divulge the data,” said James Herrington of Orlando-based Lovada Systems.
Channel 9 asked Instructure whether a ransom was paid and why, but has not yet received a response.
Herrington said once a breach happens, negotiations are often handled by attorneys and insurance companies.
“It’s out of your hands whenever a breach occurs, the attorneys and the insurance company come into play to negotiate with these hackers,” Herrington said.
He recommends using multi-factor authentication and password managers to help protect accounts.
“Passwords generated for you, you don’t have to, and you can use the password manager that’s built into your browser, your desktop, your phone, and use those,” Herrington said.
He also said multi-factor authorization is another way to stay safe.
Read the full statement from Instructure:
We know that concerns about the potential publication of data related to this incident remain top of mind for many customers. We understand how unsettling situations like this can be, and protecting our community remains our top priority.
With that responsibility in mind, Instructure reached an agreement with the unauthorized actor involved in this incident. As part of that agreement:
The data was returned to us.
We received digital confirmation of data destruction (shred logs).
We have been informed that no Instructure customers will be extorted as a result of this incident, publicly or otherwise.
This agreement covers all impacted Instructure customers, and there is no need for individual customers to attempt to engage with the unauthorized actor.
While there is never complete certainty when dealing with cyber criminals, we believe it was important to take every step within our control to give customers additional peace of mind, to the extent possible. We continue to work with expert vendors to support our forensic analysis, further harden our environment, and conduct a comprehensive review of the data involved. We will continue to provide updates as that work progresses.
Read the full statement from OCPS:
OCPS Families, Canvas has been restored. Staff have completed the necessary internal and external coordination to reestablish access for students, staff, and parents. This
effort would not have been possible without the collaboration of the ITS team, the Digital Learning team, and many other departments across the district. As use resumes today, you may experience intermittent inconsistencies while the system continues to receive updates to strengthen security. Higher-than- rmal login activity may also result in slower access or longer page load times. Thank you for your patience as teams monitor system performance
throughout the day. Instructure, the parent company of Canvas, announced that they have reached an agreement with the group responsible for the incident. As part of the
agreement:
• All data was returned to Instructure.
• They have received digital confirmation of data destruction (shred logs).
• No Instructure customers will be extorted as a result of this incident, publicly or otherwise. • The agreement covers all impacted Instructure customers, and there is no need for individual customers to attempt to engage with the
unauthorized actor.
Thank you for your continued support and understanding as our staff remains committed to keeping your information safe.
Click here to download our free news, weather and smart TV apps. And click here to stream Channel 9 Eyewitness News live.