Canvas Security Incident

Published: May 8, 2026 | Last Updated: May 8, 2026

On Thursday, May 7, 2026, Canvas became unavailable to over 9,000 schools worldwide, including LC State. Instructure, the company that owns Canvas, confirmed a cybersecurity incident perpetrated by a criminal threat actor. During this time, Instructure quickly identified this unauthorized activity and immediately took steps to contain it, including temporarily taking Canvas offline into maintenance mode as a precaution to prevent further unauthorized access. LC State Information Technology (IT) and eLearning Services (eLS) continue to monitor the situation.

Canvas remains fully operational. There is no disruption to coursework, finals, grading, or other instructional activities. 

What Happened?

On April 25, 2026, Instructure experienced a cybersecurity incident carried out by a criminal threat actor. The attacker was detected on April 29, and access was immediately revoked. On April 30, as the investigation expanded, Instructure revoked additional suspicious access and addressed the underlying vulnerability. 

Instructure has confirmed that LC State is among the organizations whose data was involved. Based on findings to date, the data appears to include personal information associated with Canvas accounts. At this time, there is no indication that passwords, dates of birth, government identifiers (such as Social Security Numbers), or financial information were involved. 

Instructure engaged a leading third-party forensics firm to support its investigation and has notified law enforcement, including the FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA). Instructure reports no indicators of an ongoing threat. 

For Instructure's official incident updates, visit: status.instructure.com 

What Is the Current Status?

Canvas, Canvas Data 2, and Canvas Beta are fully operational. Enhanced monitoring and detection controls are in place platform-wide. Instructure continues working with outside forensics experts to determine the full scope of impact. 

LC State IT and eLS are actively monitoring this situation and will communicate updates as new information is confirmed. Watch for follow-up communications from LC State regarding organization-specific data and identity-protection resources for affected individuals. 

What Should You Do?

Be Alert for Phishing Attempts

Security incidents like this are frequently exploited by attackers who send phishing emails impersonating Canvas, Instructure, or college staff. Be cautious of messages that:

  • Ask you to re-verify your Canvas login or LC State credentials 

  • Claim your account has been compromised and prompt you to click a link 

  • Request urgent account actions from addresses that resemble — but are not — official LC State or Instructure domains 

  • Include unexpected password reset requests you did not initiate 

If you are unsure whether a message is legitimate, do not click any links. Contact the LC State Help Desk before taking any action. LC State IT will never ask for your password via email. 

For Students and Faculty

  • Continue using Canvas normally — it is fully available and secure to use. 

  • Monitor your email for follow-up communications from LC State with additional guidance. 

  • Be especially alert for suspicious communications in the coming weeks. 

For Faculty and Staff with Administrative or Privileged Canvas Access

  • Ensure multi-factor authentication (MFA) is enabled on your accounts. 

  • Review Canvas admin role assignments and remove any access that is no longer needed. 

  • Contact LC State IT if you observe any unusual activity in Canvas. 

How Do I Report a Suspicious Message?

If you receive an email that appears to be related to this incident or otherwise looks suspicious, report it to the LC State Help Desk immediately. 

LC State IT Help Desk

  • 208-792-2231 

  • Do not forward suspicious emails or click any links before reporting. 

Where Can I Find Official Updates?

Trust only communications from these official sources: 

  • This page — LC State will keep this page updated as new information is confirmed. 

  • Emails sent from eLS using official @lcsc.edu addresses  

  • Emails sent from IT using official @lcsc.edu addresses  

  • Emails sent from Communications ("news") using official @lcsc.edu addresses 

Frequently Asked Questions

Instructure has found no indication that passwords were involved in this incident. However, as a best practice, you may consider changing your LC State password at any time. LC State user credentials are managed within college systems and are not stored by Canvas.

Based on findings to date, there is no indication that government identifiers (such as Social Security Numbers) or financial information were involved. LC State will share more specific information as it becomes available from the ongoing investigation.

Yes. Canvas is fully operational. Instructure has remediated the underlying vulnerability and deployed platform-wide security enhancements. There are no indicators of an ongoing threat.

Yes. LC State and Instructure are committed to providing organization-specific impact information and identity-protection resources for affected individuals. Watch for follow-up communication from LC State.

This page will be updated as new information becomes available. For questions about suspicious emails or password help, contact the LC State IT Help Desk by email or phone at 208-792-2231. For questions about Canvas access or functionality, contact eLearning Services by email or phone at 208-792-2231.