NUS, SIM, and more hit in global data breach
National University of Singapore (NUS) and several other Singapore institutions have reportedly been affected by a global cyberattack involving the Canvas learning management platform.
The attack, which disrupted access to Canvas on Thursday (7 May), was allegedly carried out by cyberextortion group ShinyHunters, according to online posts circulating on Reddit and other forums.
Source: Sakorn Sukkasemsakorn on Canva, for illustrative purposes only
Multiple Singapore institutions named in alleged breach
According to The Straits Times (ST), institutions in Singapore reportedly listed in the alleged breach include:
- National University of Singapore (NUS)
- Singapore University of Social Sciences (SUSS)
- Singapore Institute of Management (SIM)
- Institute of Singapore Chartered Accountants (ISCA)
- Singapore College of Insurance
- NTUC LearningHub
- The Learning Lab
- KLC International Institute
- The Learning Space SG
International institutions such as Harvard University and Stanford University were also reportedly affected.
The hackers allegedly threatened to release stolen data if affected institutions did not negotiate with them before 12 May.
NUS says marks and login credentials remain safe
In response to media queries from MS News, an NUS spokesperson said the university was aware of the breach involving Canvas, which is operated by US-based company Instructure.
“Data protection and security are our priority, and we are in touch with Instructure to assess the impact,” the spokesperson said.
“We understand from Instructure that the data involved comprises names, email addresses and matriculation numbers. No other sensitive personal information, including login credentials, is compromised.”
Source: NUS Canvas website
NUS added that operational impact was “minimal” as the current semester and examinations had already concluded.
The university also said backup and business continuity measures were in place to ensure activities such as marking and grading were unaffected.
Students have since been reminded to remain vigilant against suspicious messages or phishing attempts.
Canvas owner says passwords and financial data not affected
On 1 May, Instructure confirmed it had suffered a cyberattack.
Source: Instructure Status page
On 2 May, the company said affected information may include names, e-mail addresses, student ID numbers and messages between users, according to the University of Massachusetts Amherst.
However, it said there was “no evidence” that passwords, birth dates, government identifiers or financial information had been compromised.
Instructure later said on 6 May that Canvas was fully operational again and that there was no ongoing unauthorised activity detected.
On 9 May, Instructure said that some students still struggle to log into their ePortfolios.
Source: Instructure Status page
SIM implementing alternative arrangements
SIM said it was monitoring the disruption closely together with Instructure, ST reported.
Source: Google Maps
The institution added that alternative arrangements would be made for affected students, including:
- Sending Zoom links directly to students
- Potentially postponing assignment and quiz deadlines
- Assisting students with retrieval of course materials
Meanwhile, ISCA said the potentially affected data was limited to names and e-mail addresses associated with Canvas, said ST.
“There is no indication that other sensitive data like NRIC or FIN numbers have been compromised,” an ISCA spokesperson said.
The organisation added that its internal systems remained secure and unaffected.
MS News has reached out to ISCA and the Singapore College of Insurance for comment.
Have news you must share? Get in touch with us via email at news@mustsharenews.com.
Featured image adapted from National University of Singapore on LinkedIN for illustrative purposes only.
