New Zealand students' details caught up in massive global university hack

by · RNZ
The University of Auckland's clock tower. (File photo)Photo: RNZ / Ziming Li

University students across New Zealand cannot submit assignments or communicate with tutors after their online learning system was hit by a global data hack.

Names, email addresses, student ID numbers and messages between users could all be affected by the breach.

Do you know more? Email luka.forman@rnz.co.nz

Learning platform Canvas was offline, and the university said it was working urgently on workarounds to minimise the impact on teaching and learning on Friday.

The Canvas data was held by third party platform Instructure, which had its data hacked.

Impacted universities included the University of Auckland, AUT and the Victoria University of Wellington.

The University of Auckland said in a statement the university's own systems had not been breached and no other systems were at risk.

It said there was no suggestion that any student assessment data, passwords or sign-on credentials had been affected.

An email sent to staff at AUT, confirmed it had been impacted by the hack also.

It said the university's ICT team were working with Instructure and would advise when more was known.

It asked all staff to log out of Canvas.

RNZ understands the hackers posted a message in the Canvas system and asked schools to contact them to reach a settlement.

An AUT staffer told RNZ the platform was used to submit assignments, post readings and communicate with students.

They said students often wrote messages to tutors on the platform with private information in them.

In a statement AUT said while the platform was down, students wouldn't have to submit assessments, and extensions would be given based on how long it was down for.

Auckland University said some accommodations might be necessary where assessments were concerned.

Canvas was used in 9000 education systems around the world.

AFP was reporting, the hack had also hit US universities including Harvard, Stanford.

According to the Harvard Crimson student newspaper and posts on social media, students attempting to access the system on Thursday saw a message from the hacking group saying servers belonging to Canvas's parent company Instructure had "again" been breached.

"Instead of contacting us to resolve it they ignored us and did some 'security patches,'" the hackers said.

"If any of the schools in the affected list are interested in preventing the release of their data, please consult with a cyber advisory firm and contact us privately...to negotiate a settlement."

The group warned it would release all stolen data if schools did not make contact by May 12.

Sign up for Ngā Pitopito Kōrero, a daily newsletter curated by our editors and delivered straight to your inbox every weekday.

Related Stories

Text message authentication the worst way to stop cyber criminals - reportA major New Zealand security firm says multi-factor authentication is at the heart of some of the most egregious security breaches.Mary Argue, 10 Feb 2025Cyber threats: SMEs don’t know where to startSmall and medium sized businesses have a one in three chance of being the target of a cyber attack.02 Sep 2024Companies and organisations underprepared and overconfident, says cyber security firmThe threats are much bigger than ransomware and phishing, a new index indicates.Nona Pelletier, 15 Apr 2024CrowdStrike glitch: Kiwi firms warned to stay vigilant as hack threats lingerCyber experts are warning New Zealand companies caught in the CrowdStrike IT outage it could be several days before they are protected.21 Jul 2024