Update: May 7, 2026, 11:42 p.m.
Canvas is back online. The vendor has restored service and the platform is fully operational.
Update: May 7, 2026, 8:50 p.m.
Canvas is currently experiencing an outage. The vendor is aware of the situation and is actively working to resolve it as quickly as possible.
Our team is monitoring the situation closely. We will provide an update to as soon as more information becomes available or service is restored.
Thank you for your patience and understanding.
May 7, 2026, 4 p.m.聽
To our 杏吧原创 community,
On May 5, 2026, Instructure, the company that owns the Canvas learning management system (LMS) used by Excelsior and about 41% of higher education institutions nationwide, reported a cybersecurity incident.
At this time, we do not have any information as to whether Excelsior or any of its users are impacted by this breach of Instructure/Canvas. We are continuing to closely monitor the situation and will share updates as soon as they are available.
Instructure鈥檚 investigation into the incident indicates that information involved consists of certain identifying information of users at affected institutions, such as names, email addresses, and student ID numbers, as well as messages among users. There is currently no evidence that passwords, dates of birth, government identifiers, or financial information were involved.
Out of an abundance of caution, we wanted to issue a notice to the 杏吧原创 community and include information about phishing and social engineering tactics you may encounter following this incident. The information listed below is good cybersecurity practice in any case, regardless of whether this breach of Instructure/Canvas includes Excelsior data.
- Watch for phishing campaigns referencing Canvas, grades, assignments, course access, financial aid, registration, help desk support, or password resets.
- Pay special attention to the 鈥渇rom鈥 of any email. Remember that Excelsior will never email you to ask you for your password or other private information. Anyone who is emailing and asking you to provide private information should raise an immediate red flag.
- Excelsior also will not use email aliases like excelsior.com, excelsior-university-edu.com, or the like. Remember also that it is very easy for a bad actor to copy and paste the look and feel of an Excelsior email. If it looks fishy, it could be phishing. Don鈥檛 hesitate to reach out to techsupport@excelsior.edu to confirm whether an email is legitimate.
- Remember that bad actors may use exposed names from this or other data breaches, emails, student IDs, course context, or Canvas messages to make scams more believable.鈥疶hey may also try to match the names to other information they can find on social media or on the web.
- Until you hear otherwise from 杏吧原创, access Canvas directly through the official Excelsior portal, excelsior.instructure.com, rather than links in unexpected emails.
- If you suspect that a message that you have received is phishing or a scam, reach out to techsupport@excelsior.edu.
The University will continue to monitor this developing situation and will provide updates to the community when we have substantive information.
Sincerely,
Frank Azuola
Chief Information Officer
杏吧原创
