Instructure Cybersecurity Incident Update

May 6, 2026

Carroll Community College is aware of a cybersecurity incident involving Instructure, the company that provides the Canvas learning platform. This incident was not specifically targeted at Carroll. Instructure supports thousands of institutions globally, and this appears to be a vendor-level issue that may affect multiple organizations. 

At this time, Canvas remains available, and students and faculty should continue using the system as normal. 

What Happened 

On May 1, 2026, Instructure reported that unauthorized individuals accessed certain information within its systems. Unauthorized access has since been removed. 

Based on current information from Instructure, data that may have been exposed at impacted institutions could include names, email addresses, student identification numbers, and messages sent within Canvas. Instructure has stated there is no evidence at this time that passwords, dates of birth, government-issued identification numbers, or financial information were affected. This assessment may change as the investigation continues. 

What Carroll Is Doing 

Carroll is actively monitoring the situation and working closely with Instructure to understand any potential impact on the College and its users. Updates will be shared as more information becomes available. 

What You Should Do 

Remain vigilant for potential phishing attempts. Phishing occurs when an individual impersonates a trusted source, such as the College or Canvas, to obtain sensitive information. 

Be cautious of:  

• Emails requesting that you verify your account or urgently reset your password 

• Unexpected messages containing links or attachments 

• Emails with spelling errors or unfamiliar sender addresses 

• Links that do not match official College or Canvas websites 

To help protect your information:  

• Access Canvas through My Carroll or by manually typing the Canvas URL into your browser 

• Avoid clicking login links in emails unless you are confident they are legitimate 

• Hover over links to confirm the destination before selecting them 

• If unsure, contact the Enterprise Service Desk before taking action at ithelpdesk@carrollcc.edu or 410-386-8080 

Reauthorization of External Tools (LTIs) 

As a precaution, some external tools or applications integrated with Canvas may prompt users to reauthorize access. Only proceed with reauthorization if you recognize the tool and trust the request.