Canvas

Update - May 26, 2026

Utah Tech has received confirmation from Instructure that Utah Tech data has not been compromised. While this is great news for Utah Tech students and faculty, this incident serves as a good reminder of the importance of healthy cybersecurity practices. Please continue to be diligent about basic cybersecurity protections, as outlined at the bottom of this page.

Incident Timeline

May 22, 2026

Beginning on May 21, 2026, Instructure began providing information to clients whose data was affected. At this time, Utah Tech is reasonably certain that Utah Tech data has not been compromised.

May 15, 2026

Instructure announced they “reached an agreement with the unauthorized actor involved in this incident.” Instructure indicated the data was returned and will not be released to the public. Instructure’s updates can be found here: https://www.instructure.com/incident_update

Notwithstanding any Instructure agreement with the unauthorized actor, Utah Tech continues to closely monitor the situation and is seeking confirmation from Instructure regarding what data may have been compromised.

May 8, 2026

Utah Tech University is aware of the recent cybersecurity incidents involving Instructure Canvas. These incidents are broad and have potentially affected all Canvas users worldwide. As a Canvas customer, Utah Tech has been notified of the security incidents, and we are working to determine if Utah Tech data has been affected. No systems directly operated by Utah Tech have been compromised. Utah Tech does not house financial information, student conduct information, or government identifiers (SSN, Driver’s License, home addresses, or birthdates) in Canvas. We are actively monitoring the situation with Canvas and will provide updates as soon as we receive them.

For more details regarding these incidents, see USHE Public Notice. For more information from Instructure, please see Instructure’s Security Incident Update and FAQ.

At this time, please continue to remain diligent about basic cybersecurity protections, including:

  • Stay alert for suspicious messages. Do not click links in unsolicited messages claiming to be from Canvas, Instructure. Take note of how to identify a phishing attack.
  • Do not click links in unexpected emails that appear to come from Canvas or Instructure. Report anything suspicious: report phishing.
  • Utilize links on Utah Tech sites to reach Canvas and other University services.
  • Never share your password or a two-factor code with anyone, even someone who claims to be from a trusted organization.
  • Be cautious with links and attachments from unknown senders. Both can carry malware that compromises your device or steals your information.
  • Keep your software and operating system up to date. Updates patch known security weaknesses that attackers rely on.