Metropolitan State University of Denver’s information security team says a review of last week’s cyberattack on Instructure, the company that provides the learning management system Canvas to the University, indicates that limited user information was exposed, though there is no evidence that highly sensitive personal or financial data was compromised.
Canvas was taken offline at thousands of institutions across the country for several hours last Thursday because of the incident. The platform has since been restored nationwide and is operational.
According to ITS, exposed information may include names, email addresses, student ID numbers and course-related information. There is still no indication that passwords, Social Security numbers, banking information or other highly sensitive data were compromised.
MSU Denver ITS, meanwhile, continues to monitor for additional suspicious activity. A recent phishing campaign appears to have been related to the breach. ITS urges students, faculty and staff to remain vigilant and cautious when opening emails, clicking links or responding to unexpected requests for information.
Please review tips on how to avoid becoming a victim of a phishing scam.
As a precaution, faculty members should also download Gradebooks and class rosters from Canvas. And it’s also a good time to ensure lectures, assignments and other materials are backed up.
Check the Information Security Updates page for the latest information.
If you observe any suspicious activity or have concerns related to your account, please contact Information Technology Services at 303-352-7548 or the ITS service portal.
