5/12/2026
Dear Campus Community,
We are writing to share an update on the cybersecurity incident affecting Instructure, the third-party company that provides our Canvas learning management system. As previously communicated, this is an Instructure breach affecting data of more than eight thousand institutions nationwide and is not a direct breach or compromise of University of Puget Sound systems or infrastructure.
Yesterday evening, Instructure confirmed that it reached an agreement with the unauthorized actor. This agreement assures that the data was returned and digitally confirmed as destroyed and that no Instructure customers will be extorted as a result of this incident. As a result, Canvas remains fully operational and safe to use.
Instructure also provided additional information to institutions about the scope of the incident. The data fields involved include usernames, email addresses, course names, enrollment information, and messages. The core learning data, which includes course content, submissions, and credentials, remained secure and was not compromised.
You may see other reports in the media about this breach and subsequent agreement. Technology Services is continuing to assess information provided by Instructure and other sources and will continue to closely monitor all available information and assess any implications it may have on the campus community.
Instructure has launched a dedicated incident update page where they will continue to post developments as they become available: https://www.instructure.com/
As always, we encourage everyone to remain vigilant against cybercrime and to report any suspicious emails or account activity to Technology Services at servicedesk@pugetsound.edu. We will share further updates with the campus community as warranted.
Sincerely,
Francisco Chavez, MBA | Chief Information Officer
Andrew Kerkhoff, Ph.D. | Provost