Washington University in St. Louis Information Technology and distributed IT partners successfully navigated a global service incident in May affecting the university’s Canvas instance. A cybersecurity breach of Canvas created challenges for schools, colleges and universities around the world.
Thanks to swift coordination, standout individual efforts within the team and the university’s business continuity plan, the global Canvas cybersecurity breach, while occurring at a very inconvenient time, during the weeks leading up to and including finals and commencement, had a lesser impact than it could have on the faculty, staff and student populations WashU.
The incident response highlighted the dedication of the technical team, specifically the critical contributions of Shared Infrastructure and InfoSec, who played a central role in managing the situation. IT worked closely with the Office of the Provost, Student Affairs, the Office of the Registrar, University Marketing and Communications and other units to ensure the campus community had the information it needed to act in a responsible manner; only logging into Canvas when it was confirmed safe to do so.
According to WashU’s Chief Information Security Officer Chris Shull, WashU IT teams quickly immersed themselves in the troubleshooting process and took on the primary responsibilities required to restore normal operations. Shull specifically recognized the work of Andrew Carver, Assistant Director, Student Domain.
“He really jumped into the trenches and carried the bulk of the water,” Shull said, noting that Carver’s exceptional work was the driving force behind the successful resolution.
Carver, in turn, thanked the information security and incident response teams for their support during the incident. Additionally, he specifically recognized Patrick O’Leary, Application Analyst II, Brian Railey, DRA Applications Lead, Chris Reynolds, Application Developer III, Josh Dickey, Application Analyst II, Grant Harris, Application Analyst II, Jeff Prehm, Application Developer III and Michael Fariborz, Application Developer Lead, noting, “They worked some long and late hours to re-secure our environment and protect our students, faculty and staff.”
He added WashU experienced service degradation from the morning of May 1 through the morning of May 4. This involved some services in Canvas being unavailable. The widespread Canvas outage started at 3:30 p.m. on May 7 and the service was restored as of 10 a.m. on May 8.
Along with sending normal service degradation and outage notifications, a Canvas system announcement email was sent by Shull. The communication was sent after the vendor, Instructure, disclosed the cyberattack and before the full outage.
Shull’s message informed all Canvas users of the incident and included precautions they could take, such as reviewing recent course activity, submissions and grade changes to ensure there was nothing unexpected or that the user did not initiate. It also provided instructions for users to follow if they noticed anything unusual with their accounts.
Shull also recognized Brian Chapman, Manager of Technical Services, and Ben Horstmann, Assistant Director of Shared Infrastructure for their response in the effort.
“I would just like to say how fortunate we are that WashU takes information security so seriously,” Chapman said. “We have a great team of people constantly working hard to keep us protected from malicious actors.”
The collaboration during the incident underscores WashU IT’s ongoing commitment to maintaining stable, reliable educational technologies for the university community. Further details regarding the root cause and long-term preventative measures are being reviewed as part of the standard post-incident process.
For information about systems experiencing any type of impact, the WashU IT Status page is a helpful resource.