We continue to monitor the ongoing security incident involving Canvas and its vendor, Instructure. At this time, we do not have information indicating that MIT data has been publicly released; however, our review and coordination with the vendor remain ongoing. This incident originates with the vendor environment and is not the result of an issue within MIT’s local systems.
As a precaution, we encourage all community members to remain alert for phishing attempts or suspicious communications that may reference MIT courses, Canvas, or personal information. Do not click unexpected links, open suspicious attachments, or provide passwords or Duo approvals in response to unsolicited requests. Remember to report suspected phishing via the PhishAlert button as soon as possible.
Additional information from the vendor is available on Instructure's website.