Courseworks/Canvas Cyber Incident

UPDATE: May 8, 2026 - 12:30 PM
 

Dear members of the Columbia community,

The University has restored Columbia user access to Canvas/CourseWorks following the restoration of services by Instructure, the platform’s parent company.

Access to Canvas/CourseWorks has been restored for Columbia users using valid UNI credentials. If you encounter challenges accessing the login page successfully, please reach out to [email protected], or contact the CUIT helpdesk at 212-854-1919.

Individual schools and instructors will communicate directly with students regarding any residual impacts to final exams or assignment deadlines.

We are deeply grateful to our entire community for your patience and understanding as we navigate this complex and understandably frustrating situation. We also want to extend our sincere thanks to our deans, faculty, and staff, who worked tirelessly throughout the night to maintain continuity and support our students and academic operations as fully as possible.

May 8, 2026

Instructure has restored access to Canvas/CourseWorks for most institutions. Columbia University Information Technology (CUIT) is currently assessing the security and stability of the platform before restoring access for Columbia users. CUIT will continue to monitor the situation closely and provide additional updates as more information becomes available.

May 7, 2026 

The University is aware of widespread issues impacting Canvas/CourseWorks and is actively investigating. Additional information will be shared as it becomes available.

May 6, 2026

Instructure, the parent company of Canvas/CourseWorks, notified the University this evening that our learning management system may have been impacted by a widespread data breach affecting thousands of educational institutions. Instructure has indicated that there is currently no evidence that passwords, dates of birth, social security numbers, or financial information were involved in the incident. It’s important to note that Columbia’s Courseworks data does not include dates of birth, social security numbers, or financial information and all users are required to multi-factor authenticate in order to access the system.

Instructure’s investigation remains ongoing, and it is not yet clear what CourseWorks data may have been affected. In addition to the measures Instructure has taken to secure its platform, Columbia University Information Technology (CUIT) has implemented additional precautionary steps to help safeguard our systems. CUIT will continue to closely monitor the situation and provide updates as more information becomes available.

Canvas/CourseWorks remains fully operational and accessible to Columbia faculty, staff, and students. At this time, no specific action is required by Columbia users. However, we encourage all members of the community to remain vigilant and exercise caution with unexpected or suspicious emails or phishing attempts.