Confirmed Security Incident

Update timeline

1. investigating May 01, 2026, 10:30 PM UTC

   Instructure recently experienced a cybersecurity incident perpetrated by a criminal threat actor. We are actively investigating this incident with the help of outside forensics experts. We are working quickly to understand the extent of the incident and actively taking steps to minimize its impact. Maintaining your trust is our highest priority, and we are committed to transparency throughout this process. We will provide new information as it is confirmed. Steve Proud Chief Security Officer

2. investigating May 02, 2026, 06:46 PM UTC

   We are providing an update on the security incident we advised you of yesterday. While our investigation continues alongside our outside forensics experts, at this stage we believe the incident has been contained. Here are the steps we have taken since we became aware of the incident. We have: - Revoked privileged credentials and access tokens associated with affected systems - Deployed patches to enhance system security - Out of an abundance of caution, we rotated certain keys, even though there is no evidence they were misused - Implemented increased monitoring across all platforms While we continue actively investigating, thus far, indications are that the information involved consists of certain identifying information of users at affected institutions, such as names, email addresses, and student ID numbers, as well as messages among users. At this time, we have found no evidence that passwords, dates of birth, government identifiers, or financial information were involved. If that changes, we will notify any impacted institutions. Thank you for your patience as we work to resolve this matter. We sincerely regret any inconvenience or concern this may cause. We will continue to keep you apprised as our investigation progresses. For up-to-date information on specific systems, please continue to visit our status page. Steve Proud Chief Information Security Officer