Update on May 12, 2026
To: Students, Faculty, and Staff,
We write to provide an update regarding the recent security incident involving Canvas (see https://www.instructure.com/incident_update).
At this time, Canvas remains operational and available for use, and the Institute will continue to support its use to ensure continuity of teaching, learning, and administrative functions.
While the vendor has communicated steps it has taken to address the incident, including containment and remediation efforts, there is inherent uncertainty associated with cybersecurity events of this nature. We therefore ask all users to exercise heightened caution.
Security Alert – Phishing and Impersonation Activity
We have heard external reports of an increase in impostor websites and phishing emails attempting to exploit this situation.
Please take the following precautions:
- Only access Canvas through official university links and bookmarks
- Do NOT enter your credentials on unfamiliar or suspicious websites
- Do NOT provide sensitive or personal information, including:
- Social Security numbers
- Dates of birth
- Passwords or multi-factor authentication (MFA) codes
Caltech will never request this type of information via email or external websites.
Recommended Best Practices
- Avoid uploading or storing highly sensitive or confidential information in Canvas (or other online tools) where possible.
- Be cautious of unexpected emails, links, or password reset prompts.
- Report suspicious activity immediately to the Information Security team.
- Maintain strong password hygiene and do not reuse credentials across systems outside Caltech.
- Frequently backup your data, including course scores, across all third-party educational tools.
Our team continues to monitor the situation in coordination with campus leadership and trusted partners. We will provide updates as additional information is available. Visit https://www.imss.caltech.edu/news for more information.
Thank you for your vigilance and cooperation.
Sincerely,
Caltech IMSS and Caltech Canvas Support
--Update on On May 7, 2026
Canvas experienced an outage lasting approximately seven hours (1:45 PM – ~9:00 PM PDT). This followed a recently disclosed cybersecurity incident earlier in the week.According to updates from Canvas (Instructure), the incident involved unauthorized access to certain user information, which may include names, email addresses, student IDs, and messages exchanged within Canvas. At this time, Canvas has stated that there is no evidence that passwords, financial information, or government identifiers were accessed. https://www.instructure.com/incident_update.
However, there remains a possibility that risk is still elevated. At this time, Caltech IMSS is advising Caltech Canvas users to limit their access to Canvas until further notice.
Guidance for UsersStudents and Auditors:
- You may continue to access Canvas to view course materials.
- Please avoid uploading new content or submissions at this time.
- Consider printing your scores in Canvas and downloading your assignment submissions: https://community.instructure.com/en/kb/articles/661305-how-do-i-view-my-grades-in-a-current-course.
Faculty and Instructors:
- Back up your course data (including student submissions and grades): https://canvas.caltech.edu/backing-up-course-data. We recommend doing this as soon as possible.
- Avoid uploading new materials or entering grades into Canvas.
- For alternative storage and sharing of materials, we recommend Caltech-secured Google Drive. Please ensure share permissions are set to "California Institute of Technology."
- For new student submissions, we recommend using Caltech-secured Google Forms.
- The following tools remain available: Gradescope, EdStem, Piazza and can be accessed using your Caltech credentials.
Postdocs and Staff:
- If you use Canvas for instructional, research, or program-related activities, you may access the system for viewing or retrieving information only.
- Please avoid uploading new data or content into Canvas at this time.
- If you maintain program materials or shared content in Canvas, consider backing up critical files and using approved alternatives (e.g., Google Drive or Caltech Box).
We will continue to monitor updates from Canvas and provide additional guidance as more information becomes available. You can find updates here: https://www.imss.caltech.edu/news. For more additional information, please contact [email protected].
--Original, posted May 5, 2026:
IMSS is aware of a recently disclosed security incident involving Instructure, the vendor that provides the Canvas learning management system. Caltech is actively monitoring the situation and working with the vendor to understand any potential impact to our community.
What We Know
Based on information provided by Instructure, the incident has affected multiple institutions. The information potentially involved includes limited user profile and activity data, such as:
- Name
- Email address
- User ID number
- Messages exchanged within the platform
At this time, there is no evidence that the following types of sensitive information were exposed:
- Passwords
- Dates of birth
- Government-issued identifiers
- Financial information
Impact to Caltech Users
- There is no current impact to system availability or access to Canvas.
- Users may continue to use Canvas as usual.
- We have not identified any additional risk requiring immediate user action.
What You Should Do
While no specific action is required at this time, we recommend standard security best practices:
- Remain vigilant for unexpected or suspicious emails
- Avoid clicking on unfamiliar links or attachments
- Report any suspicious activity to the IMSS Help Desk
Our Ongoing Response
IMSS Information Security and the Canvas at Caltech team are continuing to:
- Monitor updates from Instructure
- Assess any potential impact to Caltech
- Coordinate with campus partners and leadership
If our assessment changes or additional actions are required, we will post updates and notify Canvas users promptly.
Additional Information
For updates from the vendor, please refer to:
If you have questions or concerns, please contact the IMSS Help Desk.
Thank you for your attention and for helping us maintain a secure environment.