Instructure, the company behind Canvas, confirmed a cybersecurity incident on May 1, 2026. At this time, they report no evidence that passwords, dates of birth, government identifiers, or financial information were involved. However, the investigation is ongoing.
Key details:
1. Initial Discovery: Limited disruption to API-dependent tools was observed on April 30, 2026.
2. Confirmation & Disclosure: The incident was officially confirmed on May 1, 2026.
3. Containment: Reported as contained on May 2, 2026.
Instructure has stated that affected data may include basic user information such as names, email addresses, student ID numbers, and user messages.
As a precaution, Houston Christian University has taken appropriate steps to review and secure systems associated with Canvas.
The status of the event is posted on their webpage here: https://status.instructure.com/. We will continue to monitor the situation and provide updates as they become available.
