IMSS is aware of a recently disclosed security incident involving Instructure, the vendor that provides the Canvas learning management system. Caltech is actively monitoring the situation and working with the vendor to understand any potential impact to our community.
What We Know
Based on information provided by Instructure, the incident has affected multiple institutions. The information potentially involved includes limited user profile and activity data, such as:
- Name
- Email address
- User ID number
- Messages exchanged within the platform
At this time, there is no evidence that the following types of sensitive information were exposed:
- Passwords
- Dates of birth
- Government-issued identifiers
- Financial information
Impact to Caltech Users
- There is no current impact to system availability or access to Canvas.
- Users may continue to use Canvas as usual.
- We have not identified any additional risk requiring immediate user action.
What You Should Do
While no specific action is required at this time, we recommend standard security best practices:
- Remain vigilant for unexpected or suspicious emails
- Avoid clicking on unfamiliar links or attachments
- Report any suspicious activity to the IMSS Help Desk
Our Ongoing Response
IMSS Information Security and the Canvas at Caltech team are continuing to:
- Monitor updates from Instructure
- Assess any potential impact to Caltech
- Coordinate with campus partners and leadership
If our assessment changes or additional actions are required, we will post updates and notify Canvas users promptly.
Additional Information
For updates from the vendor, please refer to:
If you have questions or concerns, please contact the IMSS Help Desk.
Thank you for your attention and for helping us maintain a secure environment.