Instructure, the vendor providing our Canvas learning management system, experienced a cybersecurity incident in April-May 2026 that affected all of their customers. After a brief outage on May 7, 2026, the UAH Canvas service was restored on May 8.
MAY 11 UPDATE:
On May 9, Instructure CEO Steve Daly provided additional information about the incident. He indicated that the incident involved unauthorized access to part of the Canvas environment. The data involved included information like usernames, email addresses, course names, enrollment information and messages. Core learning data (course content, submissions, credentials) was not compromised. He also indicated that the Free for Teacher environment in Canvas has been temporarily disabled. This should not affect UAH as we do not use the Free for Teacher environment.
What We Know
On April 29, Instructure detected unauthorized activity; an unauthorized actor downloaded information about faculty, staff, and student users of Canvas. Instructure confirmed, soon afterward, that the data consisted of names, email addresses, student ID numbers, and messages among Canvas users.
The outage on May 7 was a result of a proactive effort by Instructure to mitigate the cybersecurity incident.
As of May 8, there has been no evidence that passwords, dates of birth, government identifiers, or financial information have been disclosed.
This attack was not against UAH information systems, and we currently have no indication that any data residing on UAH information systems was put at risk.
What You Need to Know
- Be wary of "Urgent" requests and be alert for targeted phishing emails - The group responsible for this breach may attempt to send highly convincing phishing emails. Continue to be alert to unsolicited emails or messages appearing to come from Canvas, particularly any requesting login credentials or personal information.
- Information from Instructure can be found at their Incident Update page.
- While this incident is concerning, Instructure took appropriate action immediately after the event. Actions they took include revoking internal credentials, rotating security keys, and deploying patches to close the specific vulnerability exploited by the hackers. Instructure has a history of compliance with rigorous third-party audits and published compliance with third-party standards such as SOC 2 Type II certification and ISO 27001.
Continued Monitoring
- OIT and ETLC are monitoring the situation closely. ETLC will publish guidance via email to faculty in the event Canvas is intermittently available during the Summer semester.
- OIT and ETLC will continue to provide updates via email and/or updates to this Knowledge Base article. If you have ongoing technical or cybersecurity concerns, please contact helpdesk@uah.edu or call 256-824-3333.
OIT (and the larger community of UAH staff and faculty) appreciate the patience of our users as we work through this issue with Instructure.