Instructure, the company that runs the Canvas learning management system used by millions of students, teachers, and schools worldwide, has disclosed a cyber incident. The company is actively investigating the breach to determine what data may have been accessed and who could be affected. Canvas is used in K–12 schools, colleges, and universities to manage assignments, grades, and class communication.
If you or your children use Canvas — to submit homework, check grades, or message teachers — your account information could potentially be involved. Affected products include Canvas web, iOS app, and Android app across all versions. Instructure has not yet confirmed exactly what data was accessed, so it is a good idea to take a few quick precautions while the investigation continues.
How to check if you’re affected
- Watch for notifications from your school or university. Instructure is working with educational institutions to notify users whose data may have been exposed. Check your school email for updates.
- Update your Canvas password. Log into Canvas on any device and change your password to a strong, unique one you don’t use on other sites.
- Review your Canvas account and app versions. In the Canvas mobile app, go to Settings to confirm you’re running the latest app version, which includes the most recent security updates.
- Enable multi-factor authentication (MFA) if your institution supports it — this adds an extra layer of protection beyond just your password.