Canvas LMS Update
Summary
Instructure reported in May that UM was among 9,000 public K-12 and higher education institutions around the world impacted when hackers were able to access Canvas databases on April 29 and May 7, 2026.
According to Instructure, the incident has been contained and Canvas is fully operational, with no evidence of ongoing unauthorized access.
Instructure said it has found no indication that passwords, dates of birth, government identifiers, or financial information were involved in this incident.
The MUS and UM cybersecurity teams take seriously the privacy and security of our community’s information and are in regular contact with Instructure to determine the specific impacts to our students and faculty.
What You Can Do
While we continue to gather information, we encourage students and faculty who use Canvas to remain vigilant:
- Be cautious of unexpected emails or messages claiming to be from Canvas or the university
- Do not click on unfamiliar or suspicious links
- Verify communications through official university channels
- Report suspicious messages or activity to UM cybersecurity office
Stay Informed
We will share updates on this page as more information becomes available, including any actions individuals may need to take. Additionally, Instructure has created a webpage on its website with further information regarding the incidents.
Questions
Direct questions to UM cybersecurity office or John Thunstrom