Canvas (Instructure) Breach Information
Instructure is the parent company and creator of the learning management system Canvas that we use throughout our District to store, manage, and deliver student instructional materials and resources. We received the following message that informed us that some of our data may have been accessed during the breach:
We are writing with an important update on the recent Canvas security incident.
While our investigation remains ongoing with the assistance of outside forensic experts, we want to share that your organization has been impacted by a criminal threat actor who has obtained data associated with your account. Based on what we have found to date, the data involved appears to include personal information. At this time, we have found no indication that passwords, dates of birth, government identifiers, or financial information were involved.
On April 25, 2026, Instructure experienced a cybersecurity incident perpetrated by a criminal threat actor. We detected the attacker on April 29 and immediately revoked the access. On April 30, as the investigation expanded, we revoked additional suspicious access and addressed the underlying vulnerability. We have found no indicators of an ongoing threat.
Actions we have taken
From the moment we detected this malicious activity, we moved quickly to protect our platform and learn what happened. We:
- Engaged a leading third-party forensics firm to support our investigation
- Notified law enforcement, including the FBI, U.S. Cybersecurity and Infrastructure Security Agency (CISA), and international law enforcement partners
- Disabled the compromised accounts and revoked all associated access and tokens
- Remediated the underlying vulnerability and deployed platform-wide protections
- Rotated internal keys and restricted token creation pathways across the platform
Current status
Canvas, Canvas Data 2, and Canvas Beta are fully operational and we continue to focus on bringing the Test environments back online this week. The broader platform is fully operational with enhanced monitoring and detection controls in place. Service updates are posted to our status page.
Impact on your organization
Our teams are working around the clock with outside forensics experts to gather the information you need to understand how this impacted your organization. Investigations of this nature take time to do properly, and we are committed to giving you accurate information as quickly as we are able. As always, your CSM and account team are available.
Near-term impacts to your Canvas Experience
Continuously hardening our infrastructure is a critical goal, and thus, there are some changes you will see. We know some of these changes may cause some inconvenience to you and your users, but we think it’s prudent given the ever-evolving security landscape.
Recommended Actions for Your Organization
We recommend you continue to observe industry best practices regarding data hygiene and security, including, but not limited to:
- Enforce MFA on every privileged account, and audit admin role assignments to remove anyone who shouldn't have access
- Engage your security, privacy, and legal teams to review your organization's own notification obligations under FERPA, state law, and any international privacy laws that apply
- Watch for our follow-up with organization-specific data and identity-protection resources for affected individuals
We know this incident affects the trust you place in us, and we take that seriously. We are committed to sharing timely, accurate updates as our investigation progresses.
Sincerely,
Steve Daly
Chief Executive Officer, Instructure
Steve Proud
Chief Information Security Officer, Instructure
We will continue to keep you updated as we receive further information about this incident. Please check back for updates.

