Skip to main content
Close
A-Z
Quick Links

Notice Regarding Canvas Security Incident

Salt Lake Community College is aware of a recently reported data security incident involving Instructure, the company that provides Canvas, the learning management system used by many colleges and universities nationwide, including SLCC.

What Happened

Instructure has reported that it experienced a cybersecurity incident between April 25 and April 30, 2026, which it discovered on April 29. The incident involved unauthorized access to certain Instructure systems used to support Canvas. Based on information provided by Instructure and the Utah System of Higher Education (USHE), SLCC-managed systems were not compromised, and the incident was limited to systems operated by Instructure.

Instructure has engaged law enforcement and third‑party forensic experts and reports that it has taken steps to contain the incident and restore normal Canvas operations.

What Information May Be Involved

According to Instructure, the information involved may include:

  • Names
  • Email addresses
  • Institutional student ID numbers
  • Messages exchanged within the Canvas platform

Instructure has stated that it does not believe passwords, dates of birth, government identifiers, or financial information were compromised. At this time, Instructure has not identified specific individuals or confirmed which users were affected.

What Students Need to Do

Because this incident involved Instructure's systems and not SLCC-managed systems, there is nothing students need to do to secure their SLCC or Canvas accounts. The information identified by Instructure as potentially involved cannot be used to log in to Canvas or other college systems.

However, SLCC encourages students to remain cautious and practice good digital safety habits:

Be alert for unexpected or unsolicited emails claiming to be from Canvas, Instructure, or SLCC—especially those asking for personal information or prompting urgent action.

Do not click links or download attachments from suspicious messages. Resetting your password is not required, but if you choose to do so, access Canvas or SLCC systems directly rather than through an email link (Password Reset instructions).

Ongoing Monitoring and Support

SLCC is working closely with USHE and Instructure to monitor this situation. USHE has notified the Utah Cyber Center and the Utah Office of the Attorney General regarding the incident. We will share additional information if Instructure identifies affected users or provides identity protection resources.

As a general precaution, USHE recommends that individuals remain vigilant for possible signs of identity misuse over the next 12 - 24 months, consistent with federal guidance.

Helpful information about protecting yourself after a data incident is available from the Federal Trade Commission.

Where to Find Updates

Instructure Status Page

Additional information from USHE institutions may also be posted as details become available.

If you have questions or concerns, you may contact the IT Help Desk or SLCC's Privacy Officer.

SLCC will continue to monitor the situation and provide updates as appropriate.