On May 1, 2026, Instructure publicly announced that it had experienced a cybersecurity incident. Instructure has since notified ACU, along with many other schools, that ACU data was impacted.
On May 7, their system was impacted again, resulting in an extended outage of the Canvas system. During this second incident no additional data was compromised.
ACU does not send highly sensitive personal information to Canvas, such as Social Security numbers, dates of birth, financial account information or government identification numbers.
However, Canvas does contain education records. The data fields involved in the compromise include information like usernames, email addresses, course names, enrollment information and messages. Core learning data (course content, submissions, credentials) was not compromised.
ACU Information Technology is actively monitoring the situation, working with Instructure and reviewing Canvas integrations for any service impacts related to Instructure’s security changes.
No action is required from ACU students, faculty or staff at this time.
As a precaution, remain alert for phishing emails or suspicious messages that reference Canvas, Instructure, courses, assignments or grades. Access Canvas only through official ACU links and report suspicious emails to ACU Information Technology.
ACU Information Technology will never ask for your password or your multi-factor authentication code.
ACU will update this page if additional information becomes available or if any recommended actions are identified for the ACU community.
Last updated: May 11, 2026