Canvas outage and cyber incident

^{Page last updated 13 May}

Important cyber security advice for students and staff

The Canvas platform was recently the target of a cyberattack. Instructure Inc., which owns and operates Canvas, has informed institutions that some user data was accessed during the incident.

We are advised that this may include usernames, email addresses, course names, enrolment information, and messages between users, but not more sensitive information such as passwords.

It is important to be alert to the possibility that this data may be used to target Canvas users, including Flinders students and staff, with phishing emails, texts, or phone calls.

Quick links

Key information for students

Key information for staff

Faqs

There are steps you should take to safeguard your personal online security:

⚠️
Be alert to scams

Be vigilant against phishing emails, texts, or phone calls claiming to be from Canvas or the University. Do not click on links or download attachments in suspicious messages.

abc123
Change passwords

Change your Canvas password and any other accounts that use the same password. Create strong, unique passphrases that are at least 14 characters long. These passphrases should be different for each account you hold.

🔐
Multi-factor authentication

Enable multi-factor authentication wherever available to add an extra layer of security to your online accounts.

📱💻
Protect your devices

Install software updates regularly to keep your devices secure.

🕵️
Report suspicious activity

Report any suspicious messages or account activity to the IDS Service Desk on extension 12345 or (08) 8201 2345.

Further tips on how to be cybersafe can be found at cyber.gov.au/protect-yourself

Current status

Flinders University experienced disruption to Canvas and associated tools, including Turnitin, following a cyber incident affecting Canvas.

Canvas is a learning management system that supports online learning, teaching and assessment activities at thousands of schools and universities around the world, including at Flinders, and is the platform underpinning Flinders Learning Online (FLO).

Canvas’ parent company, Instructure, experienced a cyber incident affecting its systems and, early 8 May 2026, Instructure took Canvas offline globally. As a result, Canvas and associated services were unavailable to institutions worldwide, including Flinders University.

As of 12 May Canvas has been restored and is now fully operational.

While there is no evidence of any direct compromise of Flinders’ systems or infrastructure, the University has implemented a number of precautionary measures to protect our environment and minimise any potential impact.

We recognise this outage has created significant disruption for many staff and students, particularly those involved in teaching, learning support and assessment activities. Our priority continues to be ensuring students are supported and are not disadvantaged academically as a result of this incident.

This page will be updated regularly as more information becomes available.

Key information for students

Face-to-face teaching activities on campus continue as normal.
Face-to-face assessment activities continue as scheduled.
Assignment submission deadlines for assignments ordinarily submitted through Canvas and due between now and Thursday May 14 have been automatically extended until Friday 15 May.
Students do not need to contact topic coordinators or tutors individually to request these extensions.
Flinders Online teaching and assessment activities have resumed with the restoration of Canvas.
Topic coordinators will provide further advice regarding topic-specific impacts and alternative arrangements where required.

Key information for staff

Face-to-face teaching and assessment have continued as normal and Flinders Learning Online teaching and assessment activities have now returned to normal, with the restoration of Canvas.
Please continue to work closely with students and provide flexibility and support where required.
Topic coordinators should communicate directly with students regarding topic-specific impacts and any alternative arrangements required between now and Friday May 15.
Further support materials and operational advice will be distributed as they become available.

Frequently asked questions

What has happened?

Canvas owner, Instructure, has advised institutions globally that it experienced a significant cyber incident affecting its systems. Canvas was subsequently taken offline globally by Instructure and has now been restored.

How was Flinders University affected?

Canvas and associated services, including Turnitin, were temporarily unavailable at Flinders University as part of the global outage but as of May 12 were fully operational.

Has Flinders University been hacked?

There is no evidence of any direct compromise of Flinders University systems or infrastructure.

Is Canvas available now?

Yes, Canvas has been restored and as at May 12 is fully operational.

Have assignment deadlines during the outage been extended?

Assignment submission deadlines for assessments ordinarily submitted through Canvas and due between now and Thursday 14 May were automatically extended until Friday 15 May.

Will classes continue?

Face-to-face teaching activities on campus continue as normal.

What about Flinders Online classes and assessments?

Flinders Online teaching and assessment activities have resumed with the restoration of Canvas.

Will this delay mean future assessment dates change?

Any revisions or changes impacting future assessments will be communicated to students.

Has my personal information in Canvas been breached?

Instructure has previously advised its clients that users’ data was accessed during the cyberattack. It advises this data includes usernames, email addresses, course names, enrolment information and messages between users - but not more sensitive information such as passwords. We are continuing to monitor the impact on Flinders students and staff. It is important you are alert to the possibility this data may be used to target Canvas users, including Flinders students and staff, with phishing emails, texts, or phone calls. Further cyber security advice is available on this webpage.

How will I receive updates?

Updates will continue to be provided through this webpage and University communication channels, when appropriate.

What should staff do if students contact them?

Staff should provide reassurance, direct students to this webpage for updates, and work with students flexibly and consistently.

Can staff use alternative platforms or personal accounts for assessment submission?

Canvas is now fully operational and should be used as normal. Staff should not establish independent submission or assessment processes outside approved University guidance.

Support and updates

Further updates will be published on this page as more information becomes available.

Thank you for your patience and support.