Canvas Cybersecurity Incident

Canvas, which provides the university’s learning management system, is experiencing a cybersecurity incident resulting in unauthorized access to data at Canvas from thousands of institutions, including Duke. 

 

In connection with this incident, Canvas experienced a service outage on May 7, and Duke cannot rule out the possibility of further outages for Duke faculty, staff, and students. 

 

According to Instructure, the parent company for Canvas, it has found no indication that passwords, dates of birth, government identifiers, or financial information were involved.  

 

Duke's IT Security Office is closely monitoring this incident and is continuing to assess any effect on the university community. Duke continues to seek more specific and independent forensic assurance about the security of the service. 

 

As a precautionary measure, Duke has reinforced its digital security for all Canvas integrations with other services. In addition, the IT Security Office is monitoring all associated services and accounts closely. 

 

Updates are available on Instructure’s FAQ page. The IT Security Office will continue to monitor the situation, and Duke will share new information as it becomes available, as well as any updated guidance on the continued use of Canvas.