Canvas Security Incident Updates

Canvas Security Incident Information

Update – May 8, 2026:

After continued review of the recent Canvas security incident and the latest updates provided by Instructure, Eastern Washington University will begin restoring Canvas access and returning the system to normal operations. 

Instructure has stated that the incident has been contained and that additional remediation and security measures have been implemented. According to the vendor, these actions include revoking compromised access, rotating credentials and keys, restricting certain account pathways, and implementing additional monitoring and hardening measures across the platform. 

Over the past several days, the university has worked closely with technology, security, academic, and operational stakeholders to assess the situation and evaluate both institutional risk and the broader impact to university operations and instructional continuity. Based on the information currently available, and consistent with actions now being taken by higher education institutions nationwide, the university has made the business decision to restore service while continuing to closely monitor the situation and evaluate any new information as it becomes available. 

As a precautionary measure, faculty and staff are encouraged to remain vigilant for phishing and social engineering attempts, particularly emails or messages impersonating Canvas, Instructure, university technology staff, or requests for login credentials or sensitive information. Faculty are also encouraged to maintain university-approved backups of critical course materials and data in OneDrive or Google Drive. We strongly discourage storing this information on hard drives or on USB devices. Our Instructional Technology team is available to assist faculty with course exports, backups, and continuity planning as needed. 

We appreciate your patience, flexibility, and partnership throughout this situation. EWU’s Information Security Office will continue monitoring the situation closely. Updates will continue to be posted to this page as additional information becomes available.

Update – May 7, 2026: 

We are currently aware of a widespread security incident affecting Canvas, resulting in a total service outage and impacting educational institutions worldwide. At this time, users are unable to log in or access course materials.

Because this is an active situation, we do not currently have an estimated time for restoration. We are monitoring the situation closely and will provide updates as soon as more information becomes available. All classes continue as scheduled.

Update – May 6, 2026: 

Eastern Washington University has been made aware of a third-party security breach potentially affecting many institutions globally that use Canvas, a learning management platform employed at EWU.

Canvas provider Instructure has notified EWU that a criminal threat actor obtained personal data from its systems associated with the university’s account. Based on Instructure’s analysis to date, the data does not include passwords, dates of birth, government identifiers, or financial information. We do not yet have information about whose information at EWU may have been impacted by this breach.

Instructure has indicated that its system is operational again and available for normal use.

EWU’s Information Security Office will continue to monitor the situation and provide updates as they become available. It also recommends vigilance in protecting personal information and caution regarding phishing attempts.