Skip To Main Content

Instructure Cybersecurity Incident

Notice of Instructure Cybersecurity Event

May 11, 2026 Update

Canvas access is fully restored, and we have been informed that Instructure settled with the group that caused the data breach. According to Instructure, all data was returned to them, and the issue has been resolved for all customers.

Update from Instructure CEO Steve Daly: 

To our Instructure Community,

We know that for many of our customers, concerns about the potential publication of data related to this incident remain top of mind. We want to acknowledge those concerns directly – we understand how unsettling situations like this can be, and protecting our community is also a top priority for us.

With that responsibility in mind, we reached an agreement with the unauthorized actor involved in this incident. As part of that agreement, the data was returned to us, we received assurances that it will not be further shared on the dark web or elsewhere, and we received proof that any copies of that data were deleted. Further, we have been informed that no Instructure customers will be extorted as a result of this incident, publicly or otherwise. While there is never complete certainty when dealing with cyber criminals, we believe it was important to take every step within our control to give our customers additional peace of mind, to the extent possible.

We are sharing this update in the continued interest of transparency and so that our customers know that we have addressed this element of the incident directly. To reiterate, the agreement covered all of our customers, and there is no need for individual customers to attempt to engage with the unauthorized actor.

We appreciate your patience and trust as we continue to respond to this incident thoughtfully and comprehensively. We remain committed to providing meaningful updates as our work progresses.

Regards,

Steve Daly, CEO, Instructure

May 7, 2026 Update

Currently, the Canvas website is completely down and inoperable for students, parents, and teachers. Out of abundance of caution, we have removed Canvas from ClassLink until this issue has been resolved.

Instructure has confirmed that only limited data—such as names, emails, school assignments, and internal Canvas messages—may have been involved. We do not share Social Security numbers or financial records with Canvas. 

 

May 6, 2026 Update

Gainesville City School System is aware of a worldwide security incident involving Canvas, our learning management system. This was a vendor-side incident. The internal networks and systems of the Gainesville City School System were not breached nor compromised.  We are actively monitoring updates from Instructure and assessing any impact on our district. Updates from Instructure, the parent company of Canvas, are available on their status page. We will continue to monitor the situation and provide relevant updates as new information emerges.