Overview
Victoria College has been notified of a global cybersecurity incident involving Instructure, the vendor that provides our Canvas Learning Management System. Instructure recently identified an unauthorized breach of certain user data within its systems. This incident is part of a global security event affecting thousands of educational institutions and is not the result of a breach of Victoria College’s internal network or the Pirate Portal.
What Happened?
As of May 7, 2026, Instructure identified that an unauthorized actor gained access to certain files and made changes to pages visible to certain students and instructors while logged into the system. To contain the activity and prevent further unauthorized access, Canvas was temporarily placed into maintenance mode.
Forensic investigations have confirmed that the actor exploited an issue related to Free-For-Teacher accounts. As a result, Instructure has made the decision to temporarily shut down all Free-For-Teacher accounts while working toward a permanent resolution.
Current Status
Access to Canvas has been restored. The platform is now back online and available for student and faculty use. According to Instructure’s investigation:
- There is no evidence that the unauthorized actor established a permanent presence in the system.
- No account credentials (passwords) were obtained.
- There is no evidence that any additional data was exfiltrated beyond the initial activity.
Impact on VC Students
While the system is back online, please be aware of the following:
- Access Restored: You may now access your courses, materials, exams, and videos as usual.
- Security: This incident was the result of a vulnerability in the vendor’s global platform and was not a breach of Victoria College’s internal network or the Pirate Portal. Victoria College’s Multi-Factor Authentication (MFA) requirement provides a critical layer of security that helps protect student accounts and college data from unauthorized access.
- Deadlines: Please check Canvas for updates from your instructors regarding any adjusted deadlines or revised schedules due to the temporary outage.
What You Can Do To Protect Yourself
- Watch for phishing emails. Even if emails, notices, or text messages contain accurate information about you or one of your accounts, you should always verify the source before responding or clicking on links.
- Secure your accounts. Ensure Multi-Factor Authentication (MFA) is enabled and use strong passwords for all of your accounts. Never give someone your password or an MFA code if asked for it, even if they claim to be from a trusted organization.
More Info
Victoria College will continue to monitor the situation. For the latest global updates from the vendor, visit www.instructure.com/incident_update.
For any specific questions or technical concerns, please contact VC’s Technology Services at IT-Security@VictoriaCollege.edu.