Update // May 11, 2026 6:45 PM
We have received another update from the CEO of Instructure. In this email, he indicates that Instructure has reached an agreement with the unauthorized actor involved in this incident. As part of that agreement, the data was returned to Instructure and they received assurances that the data will not be further shared on the dark web or elsewhere. Additionally they received proof that any copies of the data were deleted.
This is really good news and will hopefully hold true. Campus Technology would continue to advise you to exercise a heightened awareness for an increase in phishing attempts, especially those that could take advantage of this incident, even if the threat actor is not a part of the same group that exploited Canvas. Specifically, please be wary of emails claiming to offer support or services to assist victims of data breaches.
Campus Tech has created the resource Smarter Phishing Attempts: Follow-up to the Canvas Data Breach with additional guidance on how to spot these phishing attempts.
Update // May 10, 2026 7:12 AM
The CEO of Instructure has emailed us with further details regarding the investigation of this data breach. Below is the quoted text:
This incident involved unauthorized access to part of our environment. The data fields involved include information like usernames, email addresses, course names, enrollment information and messages. Core learning data (course content, submissions, credentials) was not compromised. We’re still validating all findings, but we want to be clear about what we understand was and wasn’t affected.
Once again, the greatest threat following a data breach like this where information that is not truly sensitive has been compromised is an increase in smarter, more effective phishing attempts. By using information that is specific to you (e.g. referencing a course you took or a classmate’s name) can be leveraged to establish trust which can then be exploited with a future message.
Update // May 8, 2026 6:42 AM
Overnight, the CEO of Instructure has emailed us to let us know that after finding that an unauthorized user had modified pages within Canvas. Canvas made the decision to take down Canvas to prevent further action by the unauthorized user.
While we still do not have details about how SBTS was specifically affected, we can offer this general advice following an incident like this where non-sensitive contact information such as an email address may have been compromised. You may see an increase in the number of phishing attempts made to your email address. When you receive an email address from an unknown sender, especially an email that offers some sort of financial incentive or is leveraging emotion such as fear to convince you to click a link, think before you click! It is always safer to delete the email than to engage with the email.
Update // May 7, 2026 7:37 PM
At this time, Canvas appears to be available. We will continue to monitor this incident and will make you aware of any actions that you might need to take. To check on the status of Canvas at any time, please use the site https://status.instructure.com/.
On May 5, SBTS was notified that Instructure, the parent company of Canvas, experienced a cybersecurity incident that affected multiple institutions, including our Canvas environment.
Based on the information provided by Instructure at this time, their security teams have found no indication that passwords, dates of birth, government-issued identification numbers, or financial information were involved in the incident. Additionally, Southern Seminary does not store Social Security numbers, medical records, or financial information within Canvas.
Based on the types of information maintained within Canvas, the following data may have been impacted:
- Student names
- Student email addresses associated with Canvas accounts
- Student ID numbers
- Course-related information, including schedules, assignments, grades, and course comments
We are continuing to monitor the situation to better understand the scope and impact of this incident. As additional information becomes available, we will provide updates regarding how our systems or data may have been affected, along with any recommended actions.
Unfortunately, the incident appears to be ongoing, and Canvas is currently unavailable system-wide while Instructure investigates and responds to the issue. We do not currently have an estimated timeframe for restoration of service.
For updates regarding Canvas system availability, please refer to the official Instructure Status page:
Instructure Status Page – https://status.instructure.com/