OIT Office of Information Technology
| Menu
CU Boulder campus sign

FAQ for Canvas cybersecurity incident

Submitted by stauffeg
on

Instructure has published an FAQ about the recent global Canvas security incident. Please see the following FAQs for campus-specific questions. You can also find more information about this incident in the Canvas service alert. You should also beware of Canvas-related phishing scams.

Why was Parchment unavailable for parts of Thursday and Friday, May 7 and 8?
Due to its connection to Canvas through parent company Instructure, CU also disabled access to Parchment, the platform used to generate official transcripts out of an abundance of caution. Instructure has stated Parchment was not impacted by this cybersecurity incident.

Was any CU Boulder data exposed?
Instructure has shared that a limited amount of CU Boulder data was exposed but said there is no evidence that personal information, passwords, financial data, government IDs, or dates of birth were compromised.

Is Canvas safe to use now?
While faculty and students may resume using Canvas upon its restoration, we strongly encourage everyone to prepare backup plans in case Canvas becomes unavailable again—particularly for assignment submission, assessments, grade records, and course communications.

Have all Canvas integrations been restored, too?
OIT is working to restore integrations in Canvas. To check the status of a specific integration, please reference the Canvas Integration Status page (IdentiKey login required), which will be updated daily or as integration statuses change.

What can I do to prepare for the possibility of Canvas becoming unavailable again?

  • Faculty: please visit OIT’s Academic Continuity During A Canvas Outage page for guidance on developing alternative methods for collecting assignments, administering quizzes or exams, calculating student grades, communicating with students and more.
  • Students: we encourage you to make it a common practice to download critical course and study materials to your personal computer or laptop, and to back up assignment files to a secure, university‑approved storage location such as your CU Boulder Microsoft OneDrive.

Will CU Boulder be sharing more information about this incident?
Yes. Instructure continues to investigate this cybersecurity incident and as our campus learns more information, we will share it with the campus community. The Office of Information Technology will provide updates to the OIT News page as our campus receives new information.