Update (6/8/26): Secure Canvas access as been restored and students may resume use of the online platform.
It is okay to use and submit schoolwork through Canvas, but be mindful not to post any personal information (like addresses or phone numbers) in messages or assignments until we receive all information from the third party company regarding the extent of the breach. Indications are that the information involved consists of certain identifying information of users at affected institutions, such as names, email addresses, and student ID numbers, as well as messages among users.ย
At this time, there is no evidence that passwords, dates of birth, government identifiers, or financial information were involved.
We will inform you of any further updates as information becomes available.
Report anything suspicious to Tom Ank, Director of Computer Services and Information Security atย tank@clatsopcc.edu
Original Message (6/7/26): The Canvas system that CCC uses for online coursework isย currently offline and inaccessible.
We want to make you aware of a cybersecurity incident involving Instructure, the company behind the Canvas learning management system.
Instructure has notified us they experienced a cybersecurity data breach that affects customers across the globe who use the Canvas platform. The company is still investigating the incident and its extent.ย Canvas was taken offline and placed in aย โmaintenanceโ state by Instructure.ย
Here is what we know at this time:
- CCC’sย own network and systems were not involved in the incident.
- Clatsop Community College does not store social security numbers, physical addresses, dates ofย birth, or the like on this system. Canvas is a product, not hosted or maintained by CCC, and as such we very are careful about the data we store with them, and all our third-party cloud providers. It is important to note that this is isolated to only Canvas, and does not extend to other third-party providers or systems maintained internally.
- A list of schools provided by the group responsible for this attack includes Clatsop Community College.
- Instructure reports that it has taken steps to secure its systems and believes the incident has been contained.
Next Steps:
- There is currently no estimated timeย for a return to service for Canvas, but we are monitoring the situation carefully and will provide updates as they become available.ย If you have used your personal email within Canvas, we recommend that you change your personal email password.
- Students should contact their instructors via email for guidance regarding their class(es) that use Canvas.
- Please monitor your email for updates.
- Be especially wary of emails and texts that claim to be from CCC or Instructure/Canvas that ask you to โconfirmโ login details, open unexpected attachments (like โnew assignmentsโ), or pay fees via unusual methods. Cybercriminals like to reuse stolen data to make phishing and scam messages more convincing, mentioning real school names, teachers, or courses.
- We are taking this very seriously, and at this time are taking steps assuming our instance was compromised, and planning mitigation steps, including working with the vendor and tightening access restrictions.
Please, be alert to unsolicited emails or messages that appear to come from Canvas.ย Report anything suspicious to Tom Ank, Director of Computer Services and Information Security atย tank@clatsopcc.edu
The College is actively monitoring this issue and will share updates when we learn more.
