Cybersecurity Incident Affecting Canvas (Instructure)
The Texas A&M University System is aware of a cybersecurity incident affecting Instructure, the company that operates Canvas — the learning management system used across our member universities. This incident was not directed at the Texas A&M University System or any of our institutions. Instructure serves thousands of institutions worldwide, and this is a vendor-level event that may affect multiple institutions globally.
Canvas continues to operate normally across Texas A&M System institutions where it is being used.
What Happened
On May 1, 2026, Instructure publicly disclosed a cybersecurity incident that is currently under active investigation with the assistance of outside forensics experts and federal law enforcement.
Instructure has stated that the information involved consists of certain user data, including:
- Names
- Email addresses
- Student ID numbers
- Messages among users within the Canvas platform
Instructure has also stated that it has found no evidence that passwords, dates of birth, government identifiers (such as Social Security Numbers), or financial information were involved.
The investigation is ongoing. The Texas A&M University System will communicate any material updates as they become available from Instructure.
What the Texas A&M System Is Doing
- Actively monitoring: The TAMUS Office of the System CISO and member institution IT security teams are closely monitoring Instructure's disclosures and working to assess any specific impacts to Texas A&M System data or systems.
- Working directly with Instructure: System and campus IT teams are engaged with Instructure to assess institution-specific exposure and ensure all remediation steps have been applied.
- Coordinating as needed: TAMUS security teams are monitoring for any indicators of impact to member institutions.
- Reviewing contractual obligations: We are reviewing our agreements with Instructure to ensure all notification and remediation commitments are being fulfilled on our behalf.
What You Should Do
- Watch for phishing emails. Do not click links in unsolicited emails claiming to be from Canvas, Instructure, or your campus IT department. Threat actors routinely exploit public breach disclosures to launch phishing campaigns targeting affected users.
- Access Canvas directly. Always log in to Canvas using your institution's official Canvas URL. Do not follow emailed links to log in — type the known address directly into your browser or use a saved bookmark.
- Use strong, unique passwords. If you use the same password for Canvas as other accounts, change those passwords now. Each account should have a unique, strong password. Enable multi-factor authentication wherever available.
- Report anything suspicious. If you receive a suspicious email, notice unusual account activity, or believe your information may have been misused, contact your campus IT Help Desk immediately.
Get Help
Contact your institution's IT Help Desk or Information Security Office to report concerns or request assistance. Links to campus-specific support resources are available through your institution's IT webpage.
Additional Resources
- Instructure Security Update: https://instructure.com/resources/blog/security-incident-update/
- Instructure Status Page: https://status.instructure.com
- TAMUS Cybersecurity Information: https://www.cyber.tamus.edu/canvas-incident/
This notice will be updated as additional confirmed information becomes available.