Georgia schools affected by cyberattack on online classroom platform
Students in metro Atlanta are among millions across the country who have been affected by a cyberattack on an online learning platform.
A hacking group claimed responsibility for breaching a company that owns Canvas, a popular platform used in K-12 and higher education.
Several local school districts, colleges and universities were affected, according to a list posted by the hacking group. The Atlanta Journal-Constitution is working to verify the affected entities in Georgia.
The Georgia Department of Education told the AJC it has not received detailed guidance regarding the impact and scope of the incident, and noted that some school districts may have independent contracts with the vendor.
“Out of an abundance of caution, GaDOE has implemented security protocols and directed Georgia Virtual School students and staff not to use the platform until further notice. We continue to coordinate with the Georgia Technology Authority and the Georgia Emergency Management and Homeland Security Agency on this matter,” the department said in a statement.
The Fulton County School District informed families Thursday that although Canvas remained operational, “the vendor has confirmed that certain user data, including names and internal messages, may have been accessed.” They heard from Instructure, which owns Canvas, that “passwords, social security numbers, and financial information were not involved.”
The DeKalb County School District told families in an email that its internal networks, system and infrastructure were not compromised, but the district temporarily disabled access to Canvas “out of an abundance of caution.”
Instructure said Thursday in a message on its website that “most users” were able to access Canvas.
Hacking group ShinyHunters claimed in a ransom letter that nearly 9,000 schools and 275 million individuals worldwide are affected by the breach, including students, teachers and other staff.
“Pay or Leak,” the message said.
Some students logged onto Canvas on Thursday to find a similar message from the group. It told individual schools to contact the group privately to prevent release of the data and gave a Tuesday deadline.
Ransomware attacks against government agencies and schools have become more frequent in recent years. Henry County’s school system was attacked in late 2023. Substitute bus drivers had to be guided by central office personnel on unfamiliar routes because they lacked access to GPS. Many homework assignments were completed with paper and pen.
The city of Atlanta suffered a major ransomware attack in 2018. Two Iranian citizens were eventually charged with that crime. And Fulton County government two years ago had a ransomware attack that disrupted various services.
This is a developing story. Please check back for updates.
About the Authors
Cassidy Alexander covers Georgia education issues for the AJC. She previously covered education for The Daytona Beach News-Journal, and was named Florida's Outstanding New Journalist of the Year.
Martha Dalton is a journalist for The Atlanta Journal-Constitution, writing about K-12 education. She was previously a senior education reporter at WABE, Atlanta's NPR affiliate. Before that, she was a general assignment reporter at CNN Radio. Martha has worked in media for more than 20 years. She taught elementary school in a previous life.
