LAS VEGAS (KTNV) — On Thursday afternoon, Channel 13 was contacted by a student at the University of Nevada Las Vegas (UNLV) reporting a potential hack in Canvas, an educational platform utilized by the university.
Within the email, the student enclosed an email from the school, which shared that the cybersecurity incident carried a national impact across multiple institutions, as it involved the parent company for Canvas.
The email went on to state that Canvas access to students and employees was not impacted, and that Canvas' vendor, Instructure, has confirmed with UNLV that the incident was "contained."
You can read the full email we obtained from the UNLV student here:
"UNLV Students,
We’re aware of a nationwide cybersecurity incident involving the parent company for Canvas, the learning management system used by UNLV and other Nevada System of Higher Education (NSHE) institutions.
At this time, there’s no indication that UNLV has been affected. WebCampus (Canvas) remains fully available and operational for students, faculty, and staff.
This incident involves Canvas’s vendor Instructure and is affecting multiple institutions nationwide. The company has confirmed that the incident is contained. We’re actively monitoring updates and working closely with NSHE and Instructure to assess any potential impact.
We’ll continue to share updates as more information becomes available. For the latest information, please feel free to visit Instructure’s status page. [click.e.unlv.edu]
UNLV takes cybersecurity seriously and is committed to keeping our campus community informed. As always, please remain cautious of phishing emails or suspicious activity and report any concerns to the IT Help Desk. [click.e.unlv.edu]"
We reached out to Instructure, the Nevada System of Higher Education (NSHE), and Clark County School District (CCSD) to learn more about this incident.
CCSD's experience differed from UNLV's, with the school district saying it did not receive "formal confirmation or detailed guidance from Instructure," and that access to Canvas would be unavailable as the issue was addressed.
The school district also shared that it "does not store highly sensitive information, such as Social Security numbers, financial data, or medical records" within the platform.
You can read the full statement that CCSD shared with Nevada families this afternoon here:
"Dear CCSD Community,
The Clark County School District (CCSD) is aware of a global cybersecurity incident involving Canvas, the learning management system owned by Instructure and used by CCSD to support online learning and instruction.
Some students and staff may have seen messages or screenshots circulating online. CCSD is actively monitoring the situation with cybersecurity professionals and appropriate agencies.
At this time, CCSD has not received formal confirmation or detailed guidance from Instructure.
Canvas is currently unavailable while the issue is being assessed and additional security measures are implemented.
Canvas contains limited student and staff information. CCSD does not store highly sensitive information, such as Social Security numbers, financial data, or medical records, within Canvas.
Please do not attempt to log in to Canvas until further notice, and do not click any links that appear in the system.
As a reminder:
- Do not respond to suspicious emails, texts, or login requests
- Do not share passwords or verification codes
- Ignore unexpected account access requests
- Report suspicious activity to spam@nv.ccsd.net
We will provide updates as verified information becomes available."
NSHE also replied to our inquiry, saying that "intermittent service disruptions" had occurred and were being monitored. According to NSHE, the incident did not originate inside NSHE or their institutions.
You can read NSHE's full statement to Channel 13 here:
"The Nevada System of Higher Education (NSHE) is aware that the Canvas learning management system, operated by vendor Instructure, has experienced intermittent service disruptions at its teaching institutions. NSHE is actively monitoring the situation and supporting institutions to ensure academic continuity.
This is not a cybersecurity incident originating within NSHE or any individual NSHE institution. This is a vendor issue involving Instructure that is impacting many institutions around the country. NSHE System Computing Services is working with institutional IT, cybersecurity, and legal teams to safeguard NSHE systems and information while Instructure works to restore service.
As a precaution, NSHE advises Canvas users not to click on any links associated with the platform until instructed by institutions that the issue has been resolved.
NSHE recognizes the concern and disruption this has caused for students, faculty, and staff across our campuses, and will continue to assess the situation and share updates as information becomes available."
At this time, Channel 13 has not heard back from Canvas.
Are you currently impacted by the Canvas issue in our valley? Contact us at ktnv.com/letstalk, or by clicking on the banner below.
