Canvas Cybersecurity Incident

Update: 12^th May 2026

There is a further update regarding the recent cybersecurity incident involving the Canvas Learning Management System.
Canvas vendor, Instructure, has advised that they have now directly addressed concerns relating to the potential publication of data associated with this incident.

According to Instructure, an agreement was reached with the unauthorized party involved. As part of this process:
– The data involved in the incident was returned to Instructure
– Assurances were provided that the data will not be shared further on the dark web or elsewhere
– Evidence was provided confirming that copies of the data were deleted
– Instructure has also advised that customers, including educational institutions, will not be subject to extortion attempts related to this incident

While situations involving cybercriminal activity can never carry absolute certainty, Instructure has stated that they took these actions to provide additional reassurance and protection for their customers and communities.

At this stage, there is no action required from staff or students. Canvas services continue to operate normally.
As a precaution, we still encourage everyone to remain vigilant against phishing emails or suspicious messages that may reference this incident.

We understand incidents of this nature can cause concern, and we would like to remind students that wellbeing support services remain available should you require assistance or support.

We appreciate your patience and understanding while updates continue to be provided.

Further information will be shared if additional updates become available.

Update: 8^th May 2026

CIM is aware of a cyber security incident involving the Canvas Learning Management System.

Instructure, the vendor of Canvas, has confirmed that a number of educational institutions worldwide may have been impacted by this incident. We were informed of the matter this week and have since been actively working to secure and review our environment and data at our end.

At this stage, Canvas remains accessible and is operating normally for staff and students. We are continuing to engage closely with the vendor to determine whether any CIM-related data has been affected. If we confirm that personal information has been compromised, affected individuals will be notified accordingly.

While there is currently no immediate action required, we strongly encourage all staff and students to remain vigilant, as incidents of this nature may increase the risk of phishing emails or other suspicious activity. Please avoid clicking on unknown links, sharing passwords, or responding to suspicious communications.

We understand that this news may cause concern, and we appreciate your patience and cooperation while investigations continue. Further updates will be provided as more information becomes available.

If you notice any unusual activity or have concerns regarding your account, please contact the IT team immediately at it@ciom.edu.au.

There is no further action for students to take at this time.