Last week’s nationwide Canvas incident evolved from a previously disclosed cybersecurity event into a temporary service disruption affecting login access to Canvas and Canvas Catalog. Access to Canvas was restored by 4:00 am ET on May 8. Finals previously scheduled for May 8 were postponed for all faculty and students until Saturday, May 9. 

Instructure, the company that develops and operates the Canvas learning management system, notified institutions that a criminal actor had obtained certain personal account‑associated data. At this time, Instructure has found no indication that passwords, dates of birth, government identifiers, or financial information were involved, and the university does not store this information in Canvas. 

You do not need to take any action aside from continuing to remain diligent about cybersecurity protections, including: 

• Be on the lookout for phishy emails.
  Follow OIT’s online instructions to learn how to spot a scam and report it to OIT. 

• Avoid opening links and attachments from unknown senders.
  When in doubt, access Canvas, MyUTK, UT Microsoft 365, UT Google, and other university websites directly. Do not open attachments unless you are expecting a file from someone. Give them a call if you are suspicious. 

Stay up to date about this incident on the Instructure status page.