Instructure Discloses Cyber Incident, Investigates Impact on Canvas Platform

Instructure, the company behind the widely used Canvas learning management system, disclosed on March 2 2026 that it had identified a cyber incident affecting its internal infrastructure. The breach was discovered after anomalous activity was spotted on authentication servers, prompting an immediate shutdown of the compromised systems. Instructure has retained a leading forensic firm to conduct a comprehensive investigation and is coordinating with federal law‑enforcement agencies, including the FBI, to determine the full scope of the intrusion.

Early forensic findings indicate that the threat actors may have exfiltrated a limited set of data, such as user email addresses, hashed passwords, and certain course metadata. The company emphasized that there is currently no evidence that production learning content, grades, or other core Canvas services were altered, and that the incident appears confined to a subset of internal administrative systems.

In response, Instructure has forced password resets for affected accounts and deployed additional monitoring and hardening measures across its cloud environments. The firm is also notifying impacted educational institutions and providing guidance on securing user accounts. Instructure has committed to publishing a detailed incident report once the forensic analysis is complete.