CCSD, UNLV report ‘cybersecurity incident’ affecting Canvas

by · Las Vegas Review-Journal

Schools across Southern Nevada reported they were affected by a cybersecurity incident involving the learning management system Canvas on Thursday.

The Clark County School District said in an email to families that it was monitoring the outage with cybersecurity professionals. The district said Canvas was unavailable for students and staff to use as of Thursday afternoon.

“Canvas contains limited student and staff information. CCSD does not store highly sensitive information, such as Social Security numbers, financial data, or medical records, within Canvas,” the district said Thursday. “Please do not attempt to log in to Canvas until further notice, and do not click any links that appear in the system.”

UNLV said Canvas was experiencing system-wide outages as of Thursday afternoon.

“These are not specific to UNLV, and university-owned systems are secured. Never click on any links in suspicious messages. Please await additional information as we continue to investigate,” the university said.

Kivanc Oner, UNLV’s chief information officer, said in an email Wednesday that the incident involved Canvas’ vendor Instructure and is affecting multiple institutions nationwide.

“The company has confirmed that the incident is contained. We’re actively monitoring updates and working closely with NSHE and Instructure to assess any potential impact,” Oner said in an email Wednesday.

The Nevada System of Higher Education said in an email that it is aware of service disruptions to Canvas and said it is monitoring the situation and supporting its institutions.

“This is not a cybersecurity incident originating within NSHE or any individual NSHE institution. This is a vendor issue involving Instructure that is impacting many institutions around the country,” NSHE said in an email. “NSHE recognizes the concern and disruption this has caused for students, faculty, and staff across our campuses, and will continue to assess the situation and share updates as information becomes available.”

A spokesperson for Instructure did not immediately respond to request for comment.