Pittsfield Schools Hit by Canvas Data Breach
PITTSFIELD, Mass. — Data syncing between Canvas and PowerSchool software in the Pittsfield Public Schools was paused in response to a recent national data breach.
This may result in outdated progress reports for middle and high schools on Friday, and families are asked to rely on PowerSchool for accurate grades.
During Wednesday's School Committee meeting, interim Superintendent Latifah Phillips reported that Pittsfield Public Schools' data was compromised, specifically usernames, email addresses, course names, and messages from conversations.
"Data that was not compromised was core learning content, submissions, grades, dates of birth, healthcare information, social security numbers, disciplinary records," she reported.
The district notified families of the data breach on Sunday over ParentSquare, and earlier on Wednesday, PPS reported a "temporary issue impacting the connection between Canvas and PowerSchool at the secondary level."
Because of a recent cybersecurity incident with Canvas, the API integration that allows information to sync between Canvas and PowerSchool was temporarily disabled by Canvas and PowerSchool as part of their response efforts.
Canvas, the system used by schools and universities, went down last week during a cyberattack from the hacking group ShinyHunters, which claimed that nearly 9,000 schools had private messages and other records accessed.
The hacking group threatened to leak data over the weekend, and Instructure, the parent company that owns the software, says it has reached an agreement with the "unauthorized actor involved in this incident," according to Instructure's website.
Locally, the syncing issue affects only secondary schools, as elementary-level report cards are entered directly into PowerSchool and are not affected. Progress report grades are scheduled to close on Friday; however, because of the paused sync between Canvas and PowerSchool, progress reports for secondary students may not be fully accurate until the issue is resolved and the systems resume syncing.
PPS educators are entering and updating grades in Canvas as usual, but the district said families with students in secondary schools may see discrepancies between grades in Canvas and PowerSchool until the integration is restored.
"We understand that this situation may cause frustration and inconvenience, and we appreciate your patience and understanding as Canvas works to restore full functionality," the district wrote.
"Pittsfield Public Schools will continue to monitor the situation closely and provide updates as additional information becomes available."
Timeline of events, according to Instructure:
- On April 29, unauthorized activity was detected in Canvas. The company said it immediately revoked the unauthorized party's access, started an investigation, and engaged outside forensic experts.
- On May 7, additional unauthorized activity tied to the same incident was identified. Changes were made to the pages that appeared when some students and teachers were logged in through Canvas, and out of caution, Instructure temporarily took Canvas offline into maintenance mode to contain the activity, investigate, and apply additional safeguards.
"The data fields involved include information like usernames, email addresses, course names, enrollment information, and messages. Core learning data (course content, submissions, credentials) was not compromised. We're still validating all findings, but we want to be clear about what we understand was and wasn't affected," the company wrote.
"Based on the investigation to date, we have not found evidence that data was taken during the May 7 activity. The investigation is ongoing, and we'll share more as findings are verified."??
Instructure has confirmed that hackers carried out this activity by exploiting an issue related to Free-For-Teacher accounts, and said this is the same issue that led to the unauthorized access the prior week.
Tags: data breach,
