Published 05/18/2026

Purpose: This document provides a summary of the Instructure (Canvas) security incident, answers to common questions, and guidance for best practices.


Incident Summary

Instructure, the owner and provider of our Canvas learning platform, recently experienced a cybersecurity incident affecting their systems. In response, they initiated a temporary service outage as part of their containment and recovery process. Canvas service has since been restored, and TMU continues to monitor the situation and evaluate vendor-provided updates related to our community’s data.

Official Updates (Instructure)


NOTICE: Official incident updates from Instructure are posted here:


What Happened

Following a security event within Instructure’s environment, the Canvas platform underwent a temporary outage as part of their defense and recovery process. Once service was brought back online, TMU implemented security measures and validated the environment before re-establishing access for the campus. We are continuing to review verified updates as they are released by the vendor.

Data Potentially Impacted

Based on the information provided by Instructure to date, certain types of account information may have been impacted by this breach. These categories potentially include:

  • Account names
  • Account email addresses
  • Student ID numbers
  • User messages (e.g., Canvas inbox communications)

What Was Not Impacted

NOTICE: TMU account passwords were not impacted. TMU does not store passwords within Canvas, and no credential exposure has been reported by Instructure.

Canvas does not store certain categories of sensitive information, including:

  • Passwords
  • Social Security numbers
  • Financial information
  • Dates of birth

According to Instructure, other stored information also remained secure, including course content, submissions, and credentials.


Vendor Actions (Instructure)

Instructure has stated they have taken a number of steps in response to this incident, including:

  • Engaging third-party forensic experts
  • Notifying law enforcement
  • Enhancing monitoring and security controls across the platform
  • Reporting that the unauthorized actor involved has been addressed through vendor-led response actions and that additional protective steps have been implemented

Our Response and Current Status

IT Services & Security is monitoring the situation and is prepared to take further action as needed to protect our community. Since re-establishing our connection to the platform, we have observed no anomalous or suspicious activity within TMU’s Canvas environment.


We ask all students, faculty, and staff to continue using the following best practices:

  • Official Logins Only: Only log in to Canvas via the official URL: masters.instructure.com.
  • Use Institutional Email: Always use your official @masters.edu email address for Canvas access.
  • Practice Password Safety: Ensure you are not reusing the same password across multiple websites.
  • Be Vigilant: If you receive a message about this incident and are unsure if it is legitimate, do not click any links or reply. Instead, report it using the Phish Alert Button in Outlook, or forward it to spam@masters.edu.

General Email Safety Reminder

Security events are often followed by an increase in phishing attempts. Use caution if you receive a message that:

  • Uses Pressure or Urgency: Watch for subjects like “Action Required” or threats to lock your account.
  • Requests Sensitive Info: TMU will never ask for your password or MFA codes via email.
  • Includes Unexpected Links/Files: Avoid opening any attachment or link you weren’t expecting, even if it looks like it’s from a familiar source.
  • Requests Payment: TMU will never ask students, faculty, or staff to pay to access Canvas or to complete coursework or exams in Canvas.
  • Reporting: If you see something suspicious, please use the Phish Alert Button or forward the email to spam@masters.edu.