Information Technology Security

GRC update on Canvas security incident

Information for our students, faculty, staff, and community about a security incident involving the Canvas learning management system.

On May 5, 2026, Instructure, the company that operates Canvas, notified Green River College that an unauthorized third party obtained data associated with our Canvas environment as part of a broader national incident impacting many institutions.

Canvas remains operational, and there is no specific technical action required at this time. Updates from Instructure are available on the Instructure status page.

Frequantly Asked Question

Was Green River College hacked?

No systems operated or maintained by Green River College were breached. The incident involved Canvas, a third-party vendor platform operated by Instructure and used by colleges and universities nationwide.

Was my information involved?

Instructure has confirmed that an unauthorized third party obtained data associated with Green River College’s Canvas environment. At this time, Instructure has not yet provided institution-specific details regarding exactly what information was involved or how many users may have been affected.

What information may have been involved?

Instructure has publicly stated that names, email addresses, student ID numbers, and user-to-user Canvas messages were potentially involved across the broader incident. At this time, Instructure has not confirmed exactly what information may have been involved for Green River College specifically.

Were passwords or financial records involved?

Based on the information currently available, Instructure has stated there is no indication that passwords, dates of birth, Social Security numbers, or financial account information were involved.

Do I need to change my password?

At this time, there is no indication that passwords were involved, and Green River College is not asking users to reset their passwords as a result of this incident.

Is Canvas safe to continue using?

Yes. Canvas remains operational and available for coursework and college activities. Instructure has indicated it addressed the underlying vulnerabilities and implemented additional protections.

Were Canvas messages involved?

Instructure has stated publicly that user-to-user Canvas messages were potentially involved across the broader incident. At this time, Green River College has not received institution-specific confirmation regarding whether Canvas messages associated with our college were involved.

What should I do now?

There is no specific action required at this time. Out of an abundance of caution, users should remain alert for phishing emails, suspicious links, or unexpected requests for personal information.

Where can I find updates?

Green River College will continue to share updates as additional confirmed information becomes available. Updates from Instructure are also available through the Instructure status page.

Common IT Security Links

IT Security Helpdesks
Reporting a Security Concern
CyberSecurity 101
Employee Training
Student Training

Policies & Guidelines

IT Policies
GA-23 Ethics Policy
IT Security Program Plan
GRC Technological Infrastructure
GRC Data Guidelines
Software Security Guidelines