Instructure Security Incident & Canvas Updates

May 13, 2026
Canvas / Learning Technologies, Information Security, Service Report

Updates and Information About the Instructure Security Incident

The Instructure security incident is a vendor-driven multi-national security incident event affecting multiple institutions, including UMass Amherst. UMass IT is actively monitoring the situation and will share material updates provided by the vendor on this web page as they become available.

UMass Amherst students, faculty, and staff can email @email with any questions about Canvas.

Visit Instructure's Security Incident Update & FAQs and Canvas status page for additional information.

 

Update Wednesday, May 13, 8:35 a.m.

UMass Amherst IT is investigating issues with LaTex math equation functionality in Canvas. Instructure is aware and working to resolve the issue.

 

Update Tuesday, May 12, 7:55 a.m.

On Monday, May 11, Instructure, the publisher of Canvas, posted on their website that they have reached an agreement with the unauthorized actor involved in the recent cybersecurity incident affecting Canvas. The message includes the following:

Instructure reached an agreement with the unauthorized actor involved in this incident. As part of that agreement:

  • The data was returned to us.
  • We received digital confirmation of data destruction (shred logs).
  • We have been informed that no Instructure customers will be extorted as a result of this incident, publicly or otherwise.
  • This agreement covers all impacted Instructure customers, and there is no need for individual customers to attempt to engage with the unauthorized actor.

 

The full post can be viewed on Instructure's Security Incident Update & FAQs web page.

 

Update Sunday, May 10, 2:05 p.m.

Instructure has posted the following update on its Security Incident web page:

This incident involved unauthorized access to part of our environment. The data fields involved include information like usernames, email addresses, course names, enrollment information and messages. Core learning data (course content, submissions, credentials) was not compromised.

View Instructure's full update here: https://www.instructure.com/incident_update

 

Update Friday, May 8, 3:00 p.m.

As UMass IT works to ensure that UMass Amherst system integrations with Canvas are secure, campus users may experience delays with some integrated functions, including instructor access to the GRADE button in SPIRE to import final grades from Canvas.

 

Update Friday, May 8, 8:30 a.m.

Canvas access is now restored and available for UMass Amherst. UMass IT staff completed additional safety reviews after Instructure brought the Canvas platform back online. Please note that some features may not be available until full functionality is restored.

We understand this is a major disruption during this critical time in the semester. Thank you for your patience.
 

Update Thursday, May 7, 4:15 p.m.

As of 4:15 p.m. on Thursday, May 7, Canvas is currently unavailable. This is a vendor-driven national event affecting multiple institutions beyond UMass Amherst. UMass Amherst IT is actively monitoring communications from Instructure and will share material updates provided by the vendor on this web page as they become available.

We encourage campus community members to remain security-conscious, particularly during this time. Please be alert to phishing attempts, including suspicious emails, texts, or messages asking for your login credentials or personal information.

UMass Amherst IT recommends reviewing the following resource for tips on how to protect yourself: Protect Yourself Against Phishing Scams & Identity Theft 

  • Never click on suspicious links or attachments. 
  • Never share your UMass login credentials.  
  • Report suspicious emails to: [email protected] 

 

Update Thursday, May 7, 8:15 a.m.

On Wednesday, May 6 at 5:15 p.m. ET, Instructure published the following on the Instructure state page: 

Canvas is fully operational, and we are not seeing any ongoing unauthorized activity.
As a precaution, we recommend customers follow security best practices, including enforcing MFA on privileged accounts, reviewing admin access, and rotating API tokens or keys where applicable.
This will be our final update via this status page for this incident. We will continue to provide updates as appropriate through other channels and are now communicating directly with impacted customers to provide organization-specific information and support.

 

Update Wednesday, May 6, 1:30 p.m.

UMass Amherst has been notified by Instructure that UMass Amherst was impacted by the recent cybersecurity incident affecting Instructure’s product, Canvas. 

Based on what Instructure has told us to date, the data involved may include personal information such as names, email addresses, student ID numbers, and messages among users. Instructure has told us that they have found no indication that passwords, dates of birth, government identifiers, or financial information were involved. Please note that UMass Amherst does not store dates of birth, government identifiers, or financial information on our instance of Canvas.

Instructure has told us that there are no indicators of an ongoing threat and that it has notified law enforcement, including the FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

While UMass Amherst has been told that it was impacted, Instructure has not yet provided any further specifics beyond the general categories of data described above. Instructure has committed to providing organization-specific information as quickly as possible, as well as identity protection resources for affected individuals. UMass Amherst IT will share additional information as soon as it is confirmed.

 

Update Tuesday, May 5, 8:05 a.m.

Instructure, the published of Canvas, reports that Canvas Data 2 and Beta should now be available for all customers. Canvas Test remains under maintenance. Turnitin reports that service for similarity reports via Canvas LMS submitted via Canvas Plagiarism Framework (CPF) has been restored.

 

Update Monday, May 4, 10:32 a.m.

Due to an unplanned API key rotation by Instructure following the security incident on Friday, Canvas users, including members of the UMass Amherst community, will encounter issues accessing Turnitin reports via Canvas submitted via Canvas Plagiarism Framework (CPF).

  • Turnitin users are recommended to clear their cache and browser history.
  • Updates from Turnitin can be viewed on their status page: turnitin.statuspage.io

 

Update Sunday, May 3, 11:12 a.m.

Instructure reports that while the forensic investigation continues, their teams are taking precautionary steps in Canvas to ensure the security of the platform. The following actions may cause Canvas users to experience some disruption:

  • Some application keys have been reissued, requiring users to reauthorize credentials for some tools or content. Reissued application keys contain a timestamp in the name and will be visible to users during re-authorization. These are valid Instructure created keys and users should continue the authorization process. Additional information is available on Instructure's Application Key Timestamp Notice.
  • Some tools, including Canvas Data 2, Canvas Beta and Test, remain under maintenance.
  • Some customers may be experiencing limited disruption to tools relying on API keys. The Instructure team is actively investigating and has taken precautionary steps to help maintain service stability while they work to restore full functionality.

 

Update Saturday, May 2, 2:48 p.m.

On Saturday, May 2 at 2:48 p.m. ET, UMass Amherst IT received the following email update from Instructure, the publisher of Canvas, regarding the cybersecurity incident.

While our investigation continues alongside our outside forensics experts, at this stage we believe the incident has been contained.

Here are the steps we have taken since we became aware of the incident. We have:

  • Revoked privileged credentials and access tokens associated with affected systems
  • Deployed patches to enhance system security
  • Out of an abundance of caution, we rotated certain keys, even though there is no evidence they were misused
  • Implemented increased monitoring across all platforms

While we continue actively investigating, thus far, indications are that the information involved consists of certain identifying information of users at affected institutions, such as names, email addresses, and student ID numbers, as well as messages among users. At this time, we have found no evidence that passwords, dates of birth, government identifiers, or financial information were involved. If that changes, we will notify any impacted institutions.

 

Friday, May 1, 6:46 p.m.

On Friday, May 1 at 6:46 p.m. ET, UMass Amherst IT received the following email notification from Instructure, the publisher of Canvas, about a cybersecurity incident.

Instructure recently experienced a cybersecurity incident perpetrated by a criminal threat actor. We are actively investigating this incident with the help of outside forensics experts. We are working quickly to understand the extent of the incident and actively taking steps to minimize its impact. Maintaining your trust is our highest priority, and we are committed to transparency throughout this process. We will provide new information as it is confirmed.