Canvas

MHC continues to monitor the Canvas data breach. While the investigation is ongoing, we have confirmed that the scope of impacted data includes usernames, email addresses of faculty, staff and students and enrollment information for the pilot, summer, and fall 2026 in our Canvas instance. We are working closely with Five College Risk Management to evaluate the impact.

How this affects you:

• Pilot faculty and students: Access remains open to allow for the completion of Spring final exams and grading.
• All other faculty and staff: Access for non-pilot faculty and students remains paused. We will not restore full access until we receive further security assurances from the vendor.
• Security: Instructure reports no evidence that passwords or financial data were compromised. We recommend remaining vigilant against phishing attempts.
• Moodle: Our primary LMS is unaffected and remains fully operational.

LITS is acting with an abundance of caution to protect the College's interests. For more information visit Instructure’s Security Incident Page.

LITS has made the decision to restrict access to only those currently participating in the Canvas Pilot to allow them to successfully complete finals and grading of their courses. This measure is being taken out of an abundance of caution while we continue to monitor the vendor’s security investigation.

How this affects you:

• Pilot faculty and students: Access remains open to ensure the successful completion of final exams and grading. 
• All faculty and staff not in the pilot: Canvas access for fall course building and general exploration has been temporarily paused. We anticipate restoring full access once further information and security assurances are available from Instructure.
• Moodle: Our primary LMS, Moodle, remains fully operational and is unaffected by this situation.

LITS continues to closely monitor the situation with Canvas.  Details about the security incident can be found on the Instructure Security Incident Update & FAQs page.

As of this morning, access to Canvas has been restored.  LITS is closely monitoring the situation. 

Canvas is currently unavailable. The vendor is aware of the issue and working to remediate.  Details: https://status.instructure.com/

Instructure recently reported an unauthorized party gained access to their systems between April 25 and April 29, 2026. While Instructure addressed the vulnerability and revoked access April 30, they notified Mount Holyoke College that data associated with our account was among those accessed. Based on Instructure’s forensic investigation, the information involved appears to be limited to identifying information such as names, email addresses, and student ID numbers, as well as messages between users.

Important: Passwords, dates of birth, government identifiers, or financial information are not stored in Canvas, so were not impacted. 

What should you do?  Be vigilant: As with any data incident, be extra cautious of suspicious emails. Scammers often use leaked names or emails to craft targeted phishing attempts.