Q: What happened?
- On May 1, 2026, Instructure disclosed a confirmed cybersecurity incident on their official status page. Instructure is actively investigating the incident with outside forensics experts and is working to understand the full extent of what occurred.
ITS is tracking this incident closely and will notify the university community if any Idaho State University data or systems are confirmed to be affected. At this time, we do not know if ISU data are affected.
Q: What should I do?
- Security incidents like this are frequently exploited by attackers who send phishing emails impersonating Canvas, Instructure, or university ITS staff. Watch for messages or alerts that:
  - Ask you to re-verify your Canvas login or university credentials
  - Claim your account has been compromised and prompt you to click a link
  - Request urgent account actions from addresses that resemble, but are not, official university or Instructure domains
  - Include unexpected password reset requests you did not initiate
  - Ask you to accept any Duo requests when you are not logging in
Note: If you are ever unsure whether a message is legitimate, do not click any links. Contact the ITS team before taking any action.
ITS will never ask for your password via email.
Q: How do I report a suspicious message?
- If you receive an email that appears to be related to this incident or looks suspicious, report it immediately to the ITS help desk.
Note: If you are ever unsure whether a message is spam or a malicious phish, you can always report it to ITS for analysis.
Q: Where can I find official updates?
- Only trust communications from the following official sources regarding this incident:
Q: Is Canvas still available?
- At this time, Canvas remains accessible and secure to use. ITRC and ITS are monitoring system availability and will notify the university community immediately if there are any changes to service status. The ITRC staff are quickly responding to any operational issues with Canvas.