On May 1, 2026, Instructure — the company that owns and operates the Canvas platform — disclosed that a recent security incident has resulted in a data breach. Instructure has now confirmed that the University of Memphis was included in that breach.

Further information is now available on Instructure's incident update page: https://www.instructure.com/incident_update

What happened?

On May 1, Instructure released a statement disclosing the security incident. At that time, the full scope and timeline was not publicly known. On May 5, Instructure contacted the University to confirm that our data was included and provided further information about the attack:

On April 25, 2026, Instructure experienced a cybersecurity incident perpetrated by a criminal threat actor. We detected the attacker on April 29 and immediately revoked the access. On April 30, as the investigation expanded, we revoked additional suspicious access and addressed the underlying vulnerability. We have found no indicators of an ongoing threat.

Was my information stolen?

As of May 5, the investigation into the incident is ongoing. While Instructure has not yet released full details of the data included in the breach, they have provided the following information:

While we continue actively investigating, thus far, indications are that the information involved consists of certain identifying information of users at affected institutions, such as names, email addresses, and student ID numbers, as well as messages among users. At this time, we have found no evidence that passwords, dates of birth, government identifiers, or financial information were involved. If that changes, we will notify any impacted institutions.

Is my UofM account safe?

UofM accessed via Single Sign-On, meaning your UofM account password is separated from the Canvas environment.

Was the University of Memphis targeted?

This incident was the result of an attack on Instructure. While many or all of Instructure's clients, including the UofM, were in the data breach, the attack was not directed at any one institution.

What are Instructure and the University doing to address the incident?

At present, this incident is being investigated and otherwise addressed by Instructure, assisted by third-party security experts and law enforcement. They have stated the incident has been contained.

UofM ITS will continue to monitor the situation and work with Instructure to determine its impact on our community.

What should I do?

• Watch for phishing emails. Never click links to unfamiliar URLs in emails, especially from unknown or unexpected senders. For more tips to avoid phishing scams, visit our IT Security Phishing webpage.

• Access Canvas directly. Instead of clicking links to open Canvas, enter https://memphis.instructure.com/ in your browser address bar to access your Canvas account and messages.

• Never approve unexpected Duo login requests. Deny the request, change your password, and report the incident to the ITS Service Desk.

• Report suspicious activity to the UofM ITS Service Desk. Open a service request online, email umtech@memphis.edu or call 901.678.8888.

More Info