Update: Canvas Security Incident
Tuesday, May 12, 2026, 3:33pmTO: Campus Community
FR: Stacey Bosick, Interim Provost and Vice President for Academic Affairs
This is an update to share information on the recent global cybersecurity incident involving Instructure, the company that provides Canvas, Sonoma State University's learning system. This communication contains information we have received directly from Instructure.
Instructure has reported that they’ve reached an agreement with the threat actors responsible for the incident. As part of that agreement, the actors provided evidence that they deleted the data they took. They also stated they will not share the data publicly or contact universities or individuals to demand payment.
Protecting the privacy and security of students and employees remains a top priority. From the outset of this event, our priority has been to communicate openly and transparently with our campus community while working closely with Canvas and monitoring the situation carefully. As part of that commitment, we are sharing the full statement provided by Instructure on our update site linked below. We will continue to share updates if more information becomes available.
In the meantime, please continue to stay alert and report any suspicious messages, especially ones that appear to come from someone at your campus. If you receive anything unusual, report it to [email protected]. The CSU will never ask you to pay money to access Canvas or your course materials. If anyone asks you for payment or sensitive information, log out right away and report it to [email protected].
We are aware that rumors may be circulating and potentially spreading misinformation. Please continue to use credible sources. You can find the full statement from Instructure as well as the latest information using the resources below.