Instructure (Canvas) Security Incident

Instructure, the vendor that provides the Canvas learning management system, has reported a security incident. This is not specific to the University of Michigan and is affecting other institutions that use Canvas, including all three U-M campuses.

Users who entered their U-M username and password into an unfamiliar Canvas login page on May 7 should change their UMICH password immediately. Information and Technology Services temporarily restricted access to Canvas while working on protecting university systems and data.

As of 12.30 pm on May 8, Canvas access has been restored across all University of Michigan campuses. Users can resume normal activity in the system. Some integrations or connected services may continue stabilizing as restoration activities are completed.

For additional information, see the Nationwide Canvas Security Incident FAQ.

Instructure, the vendor that provides the Canvas learning management system, has reported a security incident. This is not specific to the University of Michigan and is affecting other institutions that use Canvas, including all three U-M campuses.

Information and Technology Services has temporarily removed access to Canvas while teams investigate the issue and implement security measures to protect university systems and data.

This is an active and fluid situation and ITS teams are communicating with Instructure, and coordinating with appropriate university partners. We recognize the disruption this may cause, particularly during a busy time of year, and we are working as quickly and carefully as possible to restore access when it is safe to do so.

We will share additional updates as more information becomes available, including guidance on when access will be restored. For the latest updates regarding this incident, please visit the ITS Status Page (U-M Login required). 

As part of the ongoing investigation into the Canvas security incident, ITS has identified that some users may have encountered an unfamiliar login page on 5/7/26 while attempting to access Canvas

The page appeared different from the standard University of Michigan single sign-on (SSO) login experience and may have looked more like a native Canvas login screen.

If you entered your U-M username and password into an unfamiliar Canvas login page, we strongly recommend that you change your UMICH password immediately.

You can change your password using the following link:
https://okta.umich.edu/account-settings/security

Please note:
Seeing the page alone does not necessarily mean your account was impacted. However, if you entered your credentials into the unfamiliar login page, you should change your password immediately. As part of ongoing containment efforts, ITS has temporarily restricted access to Canvas and disabled related APIs.

For additional information, see the Nationwide Canvas Security Incident FAQ.

If you have questions or believe your account may have been impacted, please contact the ITS Service Center.

Please contact ITS Information Assurance through the ITS Service Center.

• What we know about the Canvas hack impacting thousands of schools (CNN.com)
• Canvas Online Learning Platform Shut Down for Hours After Cyberattack (NYTimes.com)