As of approximately 9:00 a.m. this morning (Friday, May 8), access to the Canvas learning management platform has been restored for all Brown community members. All Canvas services have been restored with the one exception of the HTML Editor feature, which currently is disabled by Instructure.
Today’s restoration of the Canvas platform at Brown follows a significant cybersecurity incident affecting Instructure, the company that operates Canvas. As we shared on Thursday, Canvas was unavailable at Brown and more than 8,000 schools across the country.
While our expectation is that Canvas will remain operational moving forward, this remains an external vendor incident involving Instructure — not a direct compromise of Brown systems — so we continue to take all possible steps to ensure our environment remains secure. The Office of Information Technology will continue to monitor the Canvas service and will keep the community informed through this status page alert if there is any need for additional updates.
In addition, Brown’s academic leaders will follow up today with all course instructors to provide additional guidance about ensuring continued access to information maintained in Canvas.
Please note:
- You should change your Brown password as soon as possible via https://myaccount.brown.edu/profile/brownpassword as a precaution if you attempted to log in to Canvas between 4:00 and 4:30 p.m. on Thursday, May 7, when the system’s login function may have been temporarily controlled by the threat actor behind the Instructure cyber incident.
- If you attempted to log in to Canvas after 4:30 p.m. on Thursday but before the system’s restoration this morning, you do not need to take action. We have confirmed that usernames and passwords were safely contained within Brown's systems during that period.
We recognize that this outage has impacted all students and instructors using Canvas at a critical time of the semester, and we are grateful for your patience and understanding.
Posted May 08, 2026 - 11:44 EDT
Identified
Update on the Canvas Security Threat and Temporary Outage:
Earlier today, Brown and more than 8,000 schools across the country were impacted by the escalation of a significant cybersecurity incident affecting Instructure, the company that operates the Canvas learning management platform. For approximately 20 minutes this afternoon, Brown community members visiting the login page for Canvas were redirected to a webpage that may have been temporarily controlled by the threat actor behind the Instructure cyber incident. Staff in the Office of Information Technology (OIT) and Digital Learning & Design took immediate steps to mitigate any ongoing threat to the Brown community and begin the work of developing a full response plan.
At this stage, access to Canvas remains disabled for all Brown community members, and we do not yet have a timeline for restoration. The Canvas outage impacts students at every level – undergraduate, PhD, medical, and master’s and professional students. We recognize that the impacts for coursework at Brown, particularly as we reach the end of the semester, are significant. Academic and administrative leaders are actively working this evening to address the cyber incident, determine solutions and plan for potential interim measures should access to Canvas remain disabled in the coming days. Our understanding is that no systems beyond Canvas have been impacted.
At this time we recommend users of Canvas consider these actions:
- If you entered your Brown username and password to log in to Canvas between approximately 4 and 4:30 p.m. today, as a precaution you should reset your Brown password as soon as possible using OIT's self-service Change Brown Password page (https://myaccount.brown.edu/profile/brownpassword).
- If you are an instructor and need to contact your students or share course materials with them outside of Canvas, you have options to reach students in your course through Class Lists, Google Course Groups, and sharing materials through Google Drive (https://help.canvas.brown.edu/a/2073094-canvas-incident-information).
- OIT will update this incident's IT Status Alert as soon as there is new information to share. You can subscribe to alerts to follow any updates.
This afternoon’s incident marks an escalation in an Instructure data breach that began in recent days. In addition to the implications of Canvas being currently disabled, OIT is reviewing the potential impact to Brown community members in regard to data accessed in the Instructure breach. According to the company, the information involved may include names, email addresses, student ID numbers and messages exchanged in Canvas. Brown does not store passwords, dates of birth, government identifiers or financial information in Canvas, and there is therefore no risk to this information being exposed for any Brown community as part of this breach. This was an external vendor incident involving Instructure — not a direct compromise of Brown systems — and we are taking all possible steps to ensure our environment remains secure.
Because incidents like this can lead to follow-up phishing attempts, please be cautious with unexpected or suspicious messages, particularly those referencing Canvas. In addition:
- Never share your passwords, Duo codes, social security number, banking information or other sensitive information by email, text or phone.
- If you receive a suspicious email message, report it via the Phish Alert button in Gmail (https://go.brown.edu/phishalert). Do not click on links or interact otherwise with unexpected messages.
- If you receive any other suspicious correspondence or have questions, please contact the OIT Service Center at 401-863-4357 or help@brown.edu.
We recognize that students, faculty and staff will have many questions. Please know we are working quickly to develop solutions. We will share updates as soon as we are able. We understand this incident is causing disruption, and we are grateful for your patience.
Posted May 07, 2026 - 20:45 EDT
Investigating
The Canvas service is experiencing degradation. OIT is investigating this issue.
Posted May 07, 2026 - 16:23 EDT
This incident affects: Teaching and Learning (Canvas Course Platform).