Canvas owner confirms cybersecurity incident
Canvas owner confirms cybersecurity incident
https://www.highereddive.com/news/instructure-confirms-cybersecurity-incident/819586/
Publish Date: 2026-05-08 16:54:00
Source Domain: www.highereddive.com
Listen to the article
This audio is auto-generated. Please let us know if you have feedback.
Dive Brief:
- A recent cybersecurity attack on Instructure exposed certain student information, the ed tech company confirmed in a May 1 status update. The following day, it said it believes the incident has been contained.
- Information impacted by the data breach includes messages between users, names, email addresses and student ID numbers, according to Instructure. The company said no passwords, dates of birth, government identifiers or financial information were believed to have been compromised as of May 2.
- While Instructure said it is actively investigating the incident alongside forensics experts, the company has not disclosed how many school districts were affected.
Dive Insight:
Instructure, on its homepage, touts itself the “most-visited education website in the world.” The company operates several ed tech products for colleges and K-12 schools, including the widely used Canvas learning management system.
Canvas has over 6 million “concurrent users,” according to Instructure’s website. The company did not explicitly say the breach had affected Canvas, but it said it was investigating disruptions to some Canvas tools and putting the system under maintenance around the same time it announced the data breach.
Upon request for comment and further details regarding the cybersecurity incident, Instructure told K-12 Dive in a Tuesday email to check the company’s status page, where it said updates on the breach would be provided as they become available.
In response to the incident, Instructure said on its status page, the company has revoked privileged credentials and access tokens related to the affected systems, deployed patches to increase…
