Many N.H. schools affected by hack of learning platform

A widespread hack of a popular online learning platform called Canvas disrupted college campuses across the state on Thursday, interrupting final exams and temporarily limiting access to course materials.

Site access had largely been restored as of Friday morning, according to several college administrators.

The hack affected the state university and community college systems, as well as Dartmouth College.

It was not immediately clear to what extent local school districts were impacted. The Department of Education offers free Canvas access to public schools through a program called iLearn.

“We have been made aware of a recent Canvas data breach and are working with our partners to determine the impact to New Hampshire schools and/or NHED systems,” Education Commissioner Caitlin Davis wrote in a message to school leaders on Wednesday, prior to the widespread Canvas outage.

“At this time, we are still learning the scope of the incident and will share updates as information becomes available,” Davis added.

Kim Houghton, a spokesperson for the Department of Education, said her office doesn’t track which school districts use Canvas.

Canvas is a product of a company called Instructure. Many schools rely on the tool to share course materials, handle assignments, host assessments and facilitate communication between students and instructors.

Instructure said it first became aware of unauthorized activity on the site on April 29. It then identified additional unauthorized activity on May 7, which prompted it to temporarily take Canvas offline.

It was down for multiple hours on Thursday afternoon and evening.

Instructure said that the data taken from Canvas included names, email addresses, student ID numbers and messages among users. The company said it had “found no evidence” that passwords, birthdates, government identifiers or financial information had been taken.

Instructure said it notified affected organizations regarding potential data breaches on Tuesday.

The community college system was not among those schools notified of a data breach, according to Shannon Reid, the executive director of government affairs and communications for the system.

A hacking group called Shinyhunters has claimed responsibility for the attack. It claimed that 9,000 schools across the world had been affected.

Here is a list of schools that confirmed they were affected by the outage. This list will be updated.

• Dartmouth College
• Great Bay Community College
• Keene State University
• Lakes Region Community College
• Manchester Community College
• Nashua Community College
• University of New Hampshire
• NHTI
• Plymouth State University
• River Valley Community College
• White Mountains Community College

At the University of New Hampshire, faculty were encouraged to “provide flexibility with deadlines” due to the outage, according to a message sent Friday by Jen Riley, the provost and executive vice president for academic affairs.

Students should not be penalized academically because of the disruption, Riley wrote.

At Dartmouth, the information and technology office recommended on Friday morning that instructors download and store a backup of their course materials and gradebook.

Editor’s note: This story has been updated to clarify that the Community College System of New Hampshire was not among the institutions notified of being affected by a data breach.