it.troy.edu logo
Search TROY IT


Search Helpdesk
Quick Links
Information for:
Jump to Main Content
Safe-Connect Logout
Safety Alert System Notice
  • About
    Offices & Hours Announcements Awards & Recognition IT Update (Newsletter) Insights IT Summit IT Employee Area
  • Services
    Classroom Technology Computer Labs Conference Rooms Cyber Security ERP Support (Colleague/Datatel)
    Document Imaging E-mail (Microsoft 365) Flex Classes Support Internet/Networking Software Support
    Technology Quotes Telecommunications Training Video Conferencing/Webinar Website Design & Management
  • Students
    Student IT Homepage 1098-T Consent/Information Canvas Canvas Student Resources Classroom Technology Computer Labs
    E-mail E-mail Password Reset Emergency Alert System Information
    (SOS)     Frequently Asked Questions Internet Access
    LiveText Student Security Student Software Technology Policies TROY IT Orientation
  • Employees
    Employees IT Homepage New Employee Enrollment
    Process (HR)     New Employee IT Checklist Find Your Employee
    (Colleague) ID Number     International Travel Requirements
    Cell Phone Request/Deduction Form Request E-mail Account Request Colleague Account Request Document Imaging Account
    Request VPN Account Reset Your E-mail Password Remote Productivity Tools
  • Policies
    Technology Policies Homepage Generative AI Copyright Information Data Governance Data Reporting
    E-mail Policy Family Education Rights &
    Privacy Act (FERPA)     Information Technology Usage Policy International Travel Requirements
    Security Policy Technology Standardization Guidelines Website Disclaimer World Wide Web Policy
    • IT logo
  • Security
    Security Homepage Account Access and Recovery Mandatory Security Training Emergency Information (SOS)
    Request Guest Network Access Phishing E-mail Messages Admin Systems Security Access
    Authorization Process
    Security Policy Screen Locking Standard Quarterly IT Security Award Winners
  • Projects
    Project Archives
  • Help
    Faculty/Staff Directory Search IT Offices/Hours Helpdesk Knowledgebase Helpdesk LogMeIn Rescue University Police Help Directory Cleaning Computers and Electronics for All Users
  • troy.edu
  • Open Search
Instructure Security Incident
Security Menu
  • Home
  • Take Action
    • Report a Vulnerability
    • Report a Security Incident
    • Report a Stolen Item
    • Report a Phishing Message
    • Change Password
    • Report Abuse of Electronic Resources
  • Education & Guides
    • [External] E-mail Tagging
    • Recent phishing attempts received by University students and employees
    • Best Practices for Securing Your Desktop
    • Learn about copyright, DMCA and University Policies
    • Best Practices for Reducing Spam
    • Use Password Managers
    • OUCH! Security Awareness Newsletter
  • Password Management
  • Phishing
  • Physical Security
  • Theft of Computer Equipment
  • Policies & Procedures
    • Account Access and Recovery
    • Alabama Breach Notification Act of 2018
    • Admin Systems Security Access Authorization Process
    • Copyright Information
    • E-mail Policy
    • Information Technology Usage Policy
    • International Travel Requirements
    • World Wide Web Policy
    • Technology Policies
    • Technology Standardization Guidelines
  • Additional Resources
    • Contact Information Technology
    • Contact University Police
    • Information Technology Website
    • Information Technology Policy
    • University Police
    • Emergency/SOS
  • Quarterly IT Security Award

Instructure Security Incident

Instructure, the vendor that operates the Canvas learning management platform, notified Troy University of a security incident that began on April 25, 2026. The vendor engaged cybersecurity consultants and federal law enforcement agencies. TROY IT is actively monitoring the incident and will update this page as information becomes available.

May 11, 2026, 5:45 PM

TROY IT continues to monitor the recent cybersecurity incident involving Instructure and the Canvas LMS platform.

At 5:45PM Central, today (11 May 2026), Instructure issued an additional update regarding the incident and the threat actors responsible for the attack.

According to Instructure:

  • The company entered into an agreement with the unauthorized actors involved in the incident.
  • Instructure states that data associated with the incident have been returned to them.
  • The company reports it received assurances from the threat actors that the data will not be further distributed or published.
  • Instructure further states that it received proof that copies of the data were deleted.

While there is never complete certainty when dealing with criminal organizations or cyber extortion events, this development may reduce the likelihood of broad public release of data associated with the incident.

Canvas remains operational.

As previously communicated, the primary risk associated with this incident continues to be phishing and impersonation attempts.

Please continue to exercise caution regarding unexpected emails, requests for credentials, or suspicious links.

We appreciate everyone's patience and understanding as this matter continues to evolve.

May 8, 2026, 7:03 AM

NetTutor and Trojan Book Bag are working within the Instructure Canvas environment.

For additional updates, please review sos.troy.edu.

Thanks.

May 8, 2026, 5:34 AM

Yesterday afternoon (7 May 2026), the Canvas LMS environment experienced another significant security-related disruption associated with the ongoing cybersecurity incident affecting Instructure.

Canvas services became unstable during the afternoon of May 7, and the platform was placed into maintenance mode by Instructure while they investigated and contained additional unauthorized activity. Basic platform functionality was restored late last night; however, some features and services may continue to experience intermittent issues or degraded functionality as recovery efforts continue.

According to Instructure’s latest notification:

  • An unauthorized actor modified certain pages viewed by some students and instructors while logged into Canvas at many other universities.
  • Instructure states they quickly contained the activity and temporarily shut down the platform to prevent further unauthorized access.

Their forensic investigation currently indicates:

  • No evidence of persistence within institutional accounts
  • No evidence that TROY credentials were obtained
  • No evidence that additional data was exfiltrated during yesterday’s activity

Instructure also disclosed that:

  • The original breach vector and yesterday’s incident were both tied to vulnerabilities associated with “Free-For-Teacher” Canvas accounts.
  • As a result, Instructure has temporarily disabled all Free-For-Teacher environments globally while remediation work continues.

Canvas production access has largely been restored.

Some integrated services and embedded course resources remain unavailable or unstable, including:

  • NetTutor
  • Trojan Book Bag
  • Various publisher textbook links and embedded third-party course content within Canvas courses

Users may continue to experience intermittent issues while Instructure completes recovery and hardening efforts.

TROY IT staff monitored the incident throughout the night and remained in contact with Instructure representatives during the outage and recovery process.

At this time:

  • There remains no evidence of compromise to Troy University identity systems, Microsoft 365 accounts, ERP systems, or financial systems.
  • There remains no indication that passwords, Social Security numbers, financial information, or government-issued identifiers were exposed.

The primary institutional risk continues to involve phishing, impersonation attempts, and exposure of certain Canvas-hosted communications and user information from the previously disclosed breach activity.

Please continue to exercise caution regarding:

  • Unexpected Canvas-related emails
  • Requests for credentials or sensitive information
  • Links or attachments claiming to relate to Canvas outages, assignments, or account recovery

TROY IT continues coordinating directly with Instructure, monitoring the situation closely, and evaluating any additional impact to university operations.

Additional updates will be distributed as more verified information becomes available.

Thank you for your patience and understanding.

May 7, 2026, 9:57 pm CDT

TROY Community:

At 9:35PM Central, the Canvas system returned to basic operational status.

Be aware, some features of the environment are not operational; Instructure continues to address additional issues.

Please visit https://sos.troy.edu for updates related to system performance.

Thank you for your patience as Instructure addresses the outage.

May 7, 2026, 3:38 PM CDT

The Canvas LMS appears to be unavailable, based on notifications from Instructure/Canvas.

We have contacted their support team for an update.

Please visit sos.troy.edu for updates.

Apologies for the continued inconvenience with the hosted solution from Instructure.

May 6, 2026, 11:00 am CDT

Troy University has been notified by Instructure, the company that hosts the Canvas learning management system, that certain TROY-related data was involved in a recently disclosed cybersecurity incident affecting multiple educational institutions.

According to Instructure, the incident involved unauthorized access to certain Canvas-hosted data. Their investigation remains ongoing with assistance from outside forensic experts and federal law enforcement agencies, including the FBI and CISA.

At this time, Instructure indicates the potentially exposed information may include:

  • Names
  • Email addresses
  • Student ID numbers
  • Usernames/profile information
  • Canvas message content and communications

Importantly, Instructure states there is currently no evidence that the incident involved:

  • Passwords
  • Social Security numbers
  • Financial information
  • Government-issued identification numbers
  • Dates of birth

Canvas production services remain operational, and Instructure reports that the unauthorized access has been contained and the underlying vulnerability remediated.

At this time, Troy University has no evidence that university identity systems, Microsoft 365 accounts, financial systems, or other core university infrastructure were compromised as part of this incident.

However, because names, email addresses, and message content may have been exposed, faculty, staff, and students should remain alert for possible phishing or social engineering attempts. Threat actors may attempt to send convincing emails referencing courses, assignments, instructors, or university business.

We recommend the following precautions:

  • Be cautious with unexpected emails, links, or attachments
  • Verify requests for sensitive information through known contacts
  • Report suspicious emails using the university phishing reporting process
  • Continue using multifactor authentication where available

TROY IT continues to coordinate directly with Instructure and is monitoring the situation closely. Additional updates will be provided if new information becomes available.

Troy University Horizontal Logo
  • Troy, Alabama 36082
  • 1-800-414-5756
  • Questions?
  • Submit Feedback
  • Student Complaints
  • Student Disability Services
  • Accessibility Statement
  • Privacy Statement
  • Read Our Disclaimer
  • Accreditation Statement
  • Sites and Services Index

© 2026 Troy University

Scroll to Top of Current Page