Montgomery County Public Schools said Tuesday evening that Canvas (myMCPS Classroom) remains disabled as the district continues monitoring a nationwide cybersecurity incident involving the learning platform.
In an update sent to students and families, MCPS said Canvas parent company Instructure Inc. informed the district that it had reached an agreement with the group responsible for the cyberattack. According to MCPS, Instructure reported that the affected data was returned and that the company received assurances and evidence indicating the information had been deleted and would not be shared or distributed online.
“The MCPS cybersecurity team continue to review information provided by Instructure and monitor the situation closely,” the district said. “At this time, we will continue to evaluate and re-enable connections to our other instructional platforms that use Canvas.”
MCPS first disabled myMCPS Classroom on May 7 following what it described as a “widespread cybersecurity concern” involving the platform.
At the time, education technology company Instructure disclosed a data breach in which hackers reportedly accessed private student information, including names, personal email addresses, and messages exchanged between teachers and students, according to TechCrunch. Reports also indicated hackers may have compromised the platform again by defacing login pages for several schools using Canvas.
Canvas is widely used by school systems to manage coursework, assignments, grades, and communication between students and teachers.
