Canvas: Security Incident
The following email was sent to campus with an update on the security incident.
We are writing to share an update about a recent security incident involving Instructure, the company that provides Canvas.
You do not need to take any action. Your Clark Account password was not part of the breach. Instructure never knows your Clark Account password.
Canvas is fully operational and Instructure has implemented additional safeguards to better protect the environment. There is no indication that Clark users need to stop using Canvas.
Although there is no evidence of related phishing at this time, we encourage everyone to be especially cautious with unexpected emails, especially messages related to Canvas courses, asking you to click a link, open an attachment, or provide login information.
What We Know
On April 29, Instructure detected unauthorized activity in the Canvas environment used by institutions worldwide. They immediately revoked access, started an investigation and engaged CrowdStrike, an outside cyber-forensic expert.
On May 7, the same unauthorized actor accessed the system again. Out of caution, Instructure took Canvas offline to contain activity, investigate and apply additional safeguards.
On May 11, Instructure confirmed that measures have been taken to secure the compromised data and prevent its publication.
How This Impacts Clark
At this time, ITS is awaiting the exact data impacted by this incident from Instructure. Instructure has stated that it could include usernames, email addresses, course names, enrollment information and Canvas messages. We have been told that it does not include passwords, course content or submissions.
What Happens Now
Clark ITS will continue to work closely with Instructure and our security partners, to identify the data that has been impacted and take appropriate actions. If any further action is required, we will provide additional information via email and the ITS status page.
Instructure has provided a comprehensive incident information page with a timeline, communications, and frequently asked questions. For Clark-specific updates, monitor our status page.
Support
If you have any questions about this incident after reviewing Instructure’s incident page, please contact the ITS Help Desk (support.clarku.edu, helpdesk@clarku.edu, or 508-793-7745).
Instructure has provided an FAQ and update on the security incident. You can read more here.
Instructure, the parent company of Canvas, is reporting a nationwide security incident. Instructure believes the incident is now contained.
Canvas remains available and functional.
We are actively monitoring updates from Instructure and assessing the impact on Clark data. You can learn more from the Instructure Incident Report.
If you have any questions about this incident, please contact the ITS Help Desk at 508-793-7745 or helpdesk@clarku.edu.
- Canvas
Find Your Subscription
We’ll find your subscription and send you a link to login to manage your preferences.
Check Your Inbox
We've sent you an email — please check your inbox and click the link to continue.
Subscribe to Status Updates
We’ll use your email to save your preferences so you can update them later.
-
Email{{ value }}
-
Microsoft Teams{{ value }}
Subscribe to other services using the bell icon on the subscribe button on the status page.
Unsubscribe Completely?
You’ll no long receive any status updates from Clark University - ITS Status Page, are you sure?
{{ error }}
You’re Unsubscribed!
We’ll no longer send you any status updates about Clark University - ITS Status Page.
Subscription Confirmed
Your email has been verified — you'll now receive status updates from Clark University - ITS Status Page.