Canvas cyberattack disrupts Connecticut universities amid final exams
A cyberattack on the company behind the learning management system Canvas caused widespread disruptions at colleges and high schools across the country, including in Connecticut, at a critical time during final exams.
The outage, tied to a breach at Instructure, left students and faculty unable to access coursework, submit assignments or complete exams. Universities across Connecticut, including Yale University in New Haven, Quinnipiac University in Hamden and the University of New Haven in West Haven, reported impacts as the system went offline Thursday.
At Yale, officials said they are working with Instructure to understand what happened. The university also acknowledged that final grade submissions from faculty would be delayed, but access to Canvas was restored Friday afternoon.
Students described the sudden outage as alarming.
“I was like immediately ‘Oh my gosh’, like this has never happened before,” said Rachel Jacquay, a Yale junior.
The disruption comes as many students are taking final exams or submitting end-of-semester assignments, adding to the stress of an already high-pressure period.
“It is kind of crazy that a bunch of schools are being impacted by like the Canvas hack, and the hack kind of coincides with the end of the semester,” said Daniela Rodriguez-Larrain, a Yale junior.
Other Connecticut schools also adjusted plans in response. Quinnipiac University said Canvas is back online and that final exams will continue as scheduled, but adjustments will be made for students on a case-by-case basis. The University of New Haven moved all final exams scheduled before noon Friday to Sunday at the same time.
Experts said while the timing of the cyberattack caused significant confusion, the type of breach itself is not unusual.
“The amount of confusion that it caused in academic operations and in students at a very critical time was immense,” said Vahid Behzadan, a computer science professor at the University of New Haven.
He said some user information may have been accessed, but more sensitive data is likely not at risk.
“More sensitive information like social security numbers, financial information and such are most likely not included in the compromised data,” Behzadan said.
Cybersecurity experts recommend that anyone affected take precautions to protect their accounts. That includes changing passwords and enabling multi-factor authentication.
“If you implement multi-factor like using your phone or using an authenticator, you’re going to knock down 99% of the potential attacks on you,” said Frederick Scholl, a professor of cybersecurity at Quinnipiac University.
Some students said they are already taking those steps in response to the breach.
“I’ll probably change my password for like Yale systems.”
Experts also warned users to be cautious of suspicious emails following the incident, as hackers may attempt phishing attacks to gather additional personal information.
From breaking news and local politics to art exhibitions, live music, high school sports, small businesses, and cultural events, we celebrate the people and places that make Connecticut unique.