Instructure, the company that provides Canvas, has provided an important update on its cybersecurity incident. The update is available on their Security Update & FAQs page: https://www.instructure.com/incident_update.
In the update (dated 11 May 2026), the company reports that it has reached an agreement with the criminal threat actor involved in the incident.
As part of this agreement, Instructure reports that the data accessed in the incident has been returned. The update adds that an assurance has also been given by the threat actor that the data involved in the breach will not be further disclosed or distributed and proof has been provided that copies of the data were deleted.
Instructure notes however that there is never complete certainty when dealing with cyber criminals.
The Canvas platform remains available and safe to use. However, it is always recommended that staff and students remain on heightened alert to possible scam emails and be vigilant when opening links or attachments.
IT Services have detailed cybersecurity guidance available at the Cybersecurity Hub on mymtu.ie