Commentary – Canvas hack exposes cybersecurity flaws across California’s universities
Commentary – Canvas hack exposes cybersecurity flaws across California’s universities
Publish Date: 2026-05-15 11:18:00
Source Domain: kiowacountypress.net
The last message I expected to receive Thursday afternoon was a request by a student to postpone an assignment because of a cyberattack. Canvas, the tool where millions of students around the world submit their work, check their grades, watch lectures and take quizzes was inaccessible to faculty and students in the waning days of the school year.
People were posting ransom note screenshots on social media. Something like this was bound to happen eventually. It’s an inevitable consequence of information centralization.
About an hour after I got the message, I was trying to assess the damage. For me, it was not that bad. I give paper tests and quizzes and I’ve been regularly creating Slack workspaces for my classes. I mainly use Canvas to link to documents and allow students to check their scores and ponder about their grades. It was a real hassle when the only answers to “How am I doing in this class” sat in a private gradebook in the instructor’s office.
But I am probably in the minority. Many of my colleagues are heavily dependent on Canvas, especially for bigger or online classes — those that have no live lectures. For them this was “deeply disruptive,” as the California Faculty Association put it.
I had never heard of the parent company Instructure before, and until this hack, I didn’t realize Canvas content was centrally stored. It’s been at least a decade-long trend to move services off campus to save on costs. All kinds of records and student databases are offsite now.
The pitch is always the same: save money by doing things at scale. Cut out expensive maintenance and data storage. Why pay for servers and IT staff for technology that will be obsolete in a few years? The vendors who contract with university campuses swear up and down that it’s safe, secure and it won’t be used to train AI.
The risk of having millions of student records and multiple terabytes of data in one place is rarely even contemplated by decisionmakers….
