Notice of Third Party Incident

On May 1, 2026, Ohio University was made aware of a cybersecurity incident affecting one of our third-party vendors Instructure; the company that operates Canvas, the University’s preferred learning management system. This incident was not directed at Ohio University directly, as we are just one of the victims as part of a larger data breach.  Instructure serves thousands of institutions worldwide, and this is a vendor-level event that impacts multiple institutions. Canvas continues to operate normally. 

What Happened

According to Instructure: “On April 25, 2026, Instructure experienced a cybersecurity incident perpetrated by a criminal threat actor. We detected the attacker on April 29 and immediately revoked the access. On April 30, as the investigation expanded, we revoked additional suspicious access and addressed the underlying vulnerability. We have found no indicators of an ongoing threat.”

For the latest official information from Instructure, visit: status.instructure.com.

What Ohio University Is Doing

Our IT team is actively monitoring the incident and working directly with Instructure to determine the specifics around information accessed and the related impacts to the Ohio University community. 

What You Should Do

• Watch for phishing emails. Do not click links in unsolicited emails claiming to be from Canvas, Instructure, or OHIO IT. Visit the Phishbowl to review phishing messages that are actively impacting the OHIO Community.
• Access Canvas directly. Always log in to Canvas using official links on www.ohio.edu typing https://ohio.instructure.com directly into your browser.
• Report anything suspicious to the IT Help Desk at help.ohio.edu or 740-593-1222.