Instructure, the parent company of Canvas/CourseWorks, notified the University this evening that our learning management system may have been impacted by a widespread data breach affecting thousands of educational institutions. Instructure has indicated that there is currently no evidence that passwords, dates of birth, social security numbers, or financial information were involved in the incident. It’s important to note that Columbia’s Courseworks data does not include dates of birth, social security numbers, or financial information, and all users are required to multi-factor authenticate in order to access the system.
Instructure’s investigation remains ongoing, and it is not yet clear what CourseWorks data may have been affected. In addition to the measures Instructure has taken to secure its platform, Columbia University Information Technology (CUIT) has implemented additional precautionary steps to help safeguard our systems. CUIT will continue to closely monitor the situation and provide updates as more information becomes available.
Canvas/CourseWorks remains fully operational and accessible to Columbia faculty, staff, and students. At this time, no specific action is required by Columbia users. However, we encourage all members of the community to remain vigilant and exercise caution with unexpected or suspicious emails or phishing attempts.
