Updates and Information About the Instructure Security Incident
The Instructure security incident is a vendor-driven national event affecting multiple institutions. UMass Amherst has not been notified if our campus was directly impacted.
UMass Amherst IT is actively monitoring communications from Instructure and will share material updates provided by the vendor on this web page as they become available.
Updates from Instructure can be viewed on their status page: status.instructure.com.
Please contact @email with any questions.
Update Tuesday, May 5, 8:05 a.m.
Instructure, the published of Canvas, reports that Canvas Data 2 and Beta should now be available for all customers. Canvas Test remains under maintenance. Turnitin reports that service for similarity reports via Canvas LMS submitted via Canvas Plagiarism Framework (CPF) has been restored.
Update Monday, May 4, 10:32 a.m.
Due to an unplanned API key rotation by Instructure following the security incident on Friday, Canvas users, including members of the UMass Amherst community, will encounter issues accessing Turnitin reports via Canvas submitted via Canvas Plagiarism Framework (CPF).
- Turnitin users are recommended to clear their cache and browser history.
- Updates from Turnitin can be viewed on their status page: turnitin.statuspage.io
Update Sunday, May 3, 11:12 a.m.
Instructure reports that while the forensic investigation continues, their teams are taking precautionary steps in Canvas to ensure the security of the platform. The following actions may cause Canvas users to experience some disruption:
- Some application keys have been reissued, requiring users to reauthorize credentials for some tools or content. Reissued application keys contain a timestamp in the name and will be visible to users during re-authorization. These are valid Instructure created keys and users should continue the authorization process. Additional information is available on Instructure's Application Key Timestamp Notice.
- Some tools, including Canvas Data 2, Canvas Beta and Test, remain under maintenance.
- Some customers may be experiencing limited disruption to tools relying on API keys. The Instructure team is actively investigating and has taken precautionary steps to help maintain service stability while they work to restore full functionality.
Update Saturday, May 2, 2:48 p.m.
On Saturday, May 2 at 2:48 p.m. ET, UMass Amherst IT received the following email update from Instructure, the publisher of Canvas, regarding the cybersecurity incident.
While our investigation continues alongside our outside forensics experts, at this stage we believe the incident has been contained.
Here are the steps we have taken since we became aware of the incident. We have:
- Revoked privileged credentials and access tokens associated with affected systems
- Deployed patches to enhance system security
- Out of an abundance of caution, we rotated certain keys, even though there is no evidence they were misused
- Implemented increased monitoring across all platforms
While we continue actively investigating, thus far, indications are that the information involved consists of certain identifying information of users at affected institutions, such as names, email addresses, and student ID numbers, as well as messages among users. At this time, we have found no evidence that passwords, dates of birth, government identifiers, or financial information were involved. If that changes, we will notify any impacted institutions.
Friday, May 1, 6:46 p.m.
On Friday, May 1 at 6:46 p.m. ET, UMass Amherst IT received the following email notification from Instructure, the publisher of Canvas, about a cybersecurity incident.
Instructure recently experienced a cybersecurity incident perpetrated by a criminal threat actor. We are actively investigating this incident with the help of outside forensics experts. We are working quickly to understand the extent of the incident and actively taking steps to minimize its impact. Maintaining your trust is our highest priority, and we are committed to transparency throughout this process. We will provide new information as it is confirmed.