Canvas Security Incident May2026 FAQ

Tags Canvas

Canvas Security Incident FAQ

1. What happened?

Instructure, the company that provides our Canvas learning management system, has reported a cybersecurity incident involving a criminal threat actor accessing certain Canvas customer data. This incident involves Canvas customers across institutions nationwide and globally, and is not specific to St. Edward’s University, though our institution has been identified by Instructure as affected.  See this Canvas site with a Security Incident FAQ: https://www.instructure.com/incident_update

 

2. Was sensitive personal information exposed?

Based on the information currently available, certain user data associated with Canvas may have been accessed, including names, email addresses, and messages sent within Canvas.

St. Edward’s intentionally limited the data shared with Canvas when configuring our integration, and therefore student ID numbers were not accessible via Canvas. Instructure has stated that the following types of data were not involved in this incident:

  • Passwords
  • Social Security numbers or other government-issued identification
  • Financial or payment information

 

3. Were Canvas messages accessed?

Instructure has indicated that messages sent within Canvas may have been accessed for affected institutions. We do not yet have information confirming which messages or individuals may have been involved.

4. Do I need to change my password?


Your St. Edward’s account does not share its password with Canvas. As a result, your credentials remain secure and were not compromised during this incident

 

5. Why are some Canvas tools asking to be reauthorized?

As part of Instructure’s response, applications that integrate with Canvas were required to reauthorize their connections. This required some faculty and staff to take action within Canvas to restore functionality for certain tools.

IET has contacted impacted faculty and staff directly with guidance.

 

6. What should I do if one of my Canvas integrations is not working?

If you experience difficulty with an application integrated with Canvas and have not received guidance from IET, please contact:

support@stedwards.edu

 

7. What is St. Edward’s doing about this incident?

Our team conducted a thorough review of our systems and integrations and took steps to further secure access credentials and system connections.  IET will continue to monitor the situation closely and expects a full accounting from Instructure regarding their data breach. 

8. How can I back up grades, assignment submissions, or quiz responses in Canvas?

  • Grades: Download a copy of your gradebook by using the Export button at the top right of your Grades page.
  • Assignments: Download assignment submissions by using the Download Submissions button on the top right of the Assignment page
  • Quiz Responses
    • Classic Quizzes: When you're on the quiz page, go to Quiz Statistics and then click Student Analysis. It will generate a .csv file with the questions and their answers. 
    • New Quizzes: In Quizzes, select the three-dot icon next to your quiz and click Build. Click the Reports tab, then click Generate Report in the Student analysis section. Select Export CSV to download the spreadsheet of student responses and details.

9. While this particular incident’s responsibility was outside of the St. Edward’s community, it is always a great time to make sure your personal accounts are protected. Here are some great tips:

  • Regularly check haveibeenpwned.com to see if your personal accounts/emails have been involved in data breaches.

  • Use unique passwords for all online services. For extra security and easier management, use a password manager like 1Password, BitWarden, or LastPass.

  • Enable mutli-factor authentication on all accounts. It is already enabled for your St. Edward’s account. 

  • Monitor your credit score with free credit monitoring tools to stay alert of potential fraud.

  • Be cautious of targeted scams using exposed email addresses to impersonate school staff or classmates. These messages often reference real courses or deadlines to appear convincing.

  • Avoid clicking unexpected links, downloading files, or sharing sensitive info. Verify unusual requests through official channels and report suspicious activity to support@stedwards.edu.
     


 

Was this helpful?
0 reviews
Print Article