Instructure Security Incident Update
9 hours ago
- #customer update
- #security incident
- #data breach
- Instructure apologized for communication failures during a recent security incident.
- Unauthorized access affected usernames, emails, course names, enrollment info, and messages; core learning data (course content, submissions, credentials) was not compromised.
- A vulnerability in the Free for Teacher environment was exploited, leading to its temporary disablement for security review.
- Instructure launched an Incident Update page for consistent updates and plans to share a forensics report summary.
- Canvas by Instructure remains operational and safe, with no immediate action required from users.
- An agreement with the unauthorized actor ensured data return, destruction confirmation, and no customer extortion.
- Instructure is working with expert vendors for forensic analysis and system hardening, and organizing a webinar on May 13.
- Customers are advised to refer to the incident update page for latest information and contact support teams as needed.