GRCC among institutions affected by Canvas cybersecurity incident
GRCC among institutions affected by Canvas cybersecurity incident
Publish Date: 2026-05-17 13:34:00
Source Domain: thecollegiatelive.com
Collegiate Staff/Kole Meschke
Grand Rapids Community College was among the institutions affected by a recent cybersecurity incident involving Instructure, the parent company of Canvas. Instructure confirms that usernames, email addresses, course names, enrollment information, and messages were involved in the security incident.
Canvas is the learning management system GRCC began using in the fall of 2025, making the switch from Blackboard. Canvas is used schoolwide for coursework, grades, assignments, and communication between students and instructors. Instructure owns and operates Canvas, meaning the incident involved a third-party vendor used by GRCC. GRCC’s own internal systems were not breached, according to the college’s communications.
Instructure said that course content, submissions, and credentials were not compromised, and GRCC Communications stated in a school-wide email that, “According to Instructure, unauthorized access to certain account-related data occurred. At this time, they have stated there is no indication passwords, dates of birth, government identifiers, or financial information were involved.”
While Canvas remains operational, questions remain about the specific impact the cybersecurity incident has on GRCC. GRCC’s communication shifted over the course of a week as Instructure released more information about the incident:
On May 6, GRCC sent a communication informing the school that it had been notified of a security breach involving Instructure, but had not been informed of any direct impact to GRCC.
On May 8, GRCC said Instructure confirmed that GRCC was among the impacted institutions. GRCC explained that unauthorized access included “certain account-related data,” but there was no indication that passwords, dates of birth, government IDs, or financial information were accessed. The college also connected a Canvas outage on May 7 to the incident. “Please note that yesterday’s Canvas outage…
