Instructure experienced a notice incident on May 1, 2026, lasting 4d 22h. The incident has been resolved; the full update timeline is below.
Update timeline
- investigating May 01, 2026, 10:30 PM UTC
Instructure recently experienced a cybersecurity incident perpetrated by a criminal threat actor. We are actively investigating this incident with the help of outside forensics experts. We are working quickly to understand the extent of the incident and actively taking steps to minimize its impact. Maintaining your trust is our highest priority, and we are committed to transparency throughout this process. We will provide new information as it is confirmed. Steve Proud Chief Security Officer
- investigating May 02, 2026, 06:46 PM UTC
We are providing an update on the security incident we advised you of yesterday. While our investigation continues alongside our outside forensics experts, at this stage we believe the incident has been contained. Here are the steps we have taken since we became aware of the incident. We have: - Revoked privileged credentials and access tokens associated with affected systems - Deployed patches to enhance system security - Out of an abundance of caution, we rotated certain keys, even though there is no evidence they were misused - Implemented increased monitoring across all platforms While we continue actively investigating, thus far, indications are that the information involved consists of certain identifying information of users at affected institutions, such as names, email addresses, and student ID numbers, as well as messages among users. At this time, we have found no evidence that passwords, dates of birth, government identifiers, or financial information were involved. If that changes, we will notify any impacted institutions. Thank you for your patience as we work to resolve this matter. We sincerely regret any inconvenience or concern this may cause. We will continue to keep you apprised as our investigation progresses. For up-to-date information on specific systems, please continue to visit our status page. Steve Proud Chief Information Security Officer
- investigating May 06, 2026, 09:13 PM UTC
We are continuing to investigate this issue.
- resolved May 06, 2026, 09:15 PM UTC
UPDATE - Canvas is fully operational, and we are not seeing any ongoing unauthorized activity. As a precaution, we recommend customers follow security best practices, including enforcing MFA on privileged accounts, reviewing admin access, and rotating API tokens or keys where applicable. This will be our final update via this status page for this incident. We will continue to provide updates as appropriate through other channels and are now communicating directly with impacted customers to provide organization-specific information and support.