ITS

May 8, 2026

The Canvas learning management system has been restored to service following the May 7 disruption and is operating normally. The service became available to Hofstra users by 1 a.m. on May 8. Thank you for your patience.

The outage was related to the cybersecurity incident we communicated earlier this week. This is part of a broader third-party incident affecting multiple institutions nationwide.

Instructure, the vendor that provides Canvas, has confirmed that an unauthorized party accessed the platform yesterday and made changes to certain pages within Canvas. As a precaution, Canvas was taken offline to prevent further unauthorized access.

Instructure reports there is no evidence that any additional data was accessed because of yesterday’s activity. For the most up to date information from Instructure please visit their FAQ page.

Hofstra ITS will continue to monitor the situation and share updates as information is available.

Because information associated with members of the Hofstra community may have been accessed, you could see an increase in phishing or other malicious communications. It is critical that we all remain vigilant against such threats.

You should be highly suspicious of unsolicited communications from anyone, including people who may appear to be from Hofstra.

If you receive a suspicious email, text message, or phone call, DO NOT REPLY or otherwise engage with the sender, and DO NOT CLICK on any links or attachments. NEVER APPROVE an unsolicited Duo two-factor authentication prompt. If you receive a Duo prompt and are not actively logging in to a Hofstra service, deny the request as it may indicate that someone is attempting to access your account.

Forward any suspicious message to phishing@hofstra.edu and then delete it.

Sincerely,
Jesse Webster
Chief Information Officer (CIO)
Hofstra ITS

May 7, 2026

Dear Hofstra Community, 

We are writing to provide an update on a developing cybersecurity incident involving Instructure, the vendor that provides the Canvas learning management system.  

Canvas is currently unavailable and will remain down until further notice. Instructure has reported a new incident. We apologize for the disruption and inconvenience this outage is causing. 

The Hofstra ITS team is actively investigating. 

You should be highly suspicious of unsolicited communications from anyone, including people who may appear to be from Hofstra. 

If you receive a suspicious email, text message, or phone call, DO NOT REPLY or otherwise engage with the sender, and DO NOT CLICK on any links or attachments. NEVER APPROVE an unsolicited Duo two-factor authentication prompt. If you receive a Duo prompt and are not actively logging in to a Hofstra service, deny the request. It may indicate that someone is attempting to access your account. 

Forward any suspicious message to phishing@hofstra.edu and then delete it. 

We will continue to keep the community informed. 

Sincerely, 
Jesse Webster 
Chief Information Officer (CIO) 
Hofstra ITS 

May 6, 2026

Hofstra University has been identified as one of the institutions affected by a recent cybersecurity incident involving Instructure, the vendor that provides the Canvas learning management system. This was not a direct attack on Hofstra, but part of a broader third-party incident impacting multiple institutions nationwide.

Instructure has confirmed that an unauthorized party accessed certain data associated with Canvas accounts. The data may include personal and/or academic information stored in the system. At this time, there is no indication that passwords, dates of birth, Social Security numbers, or financial information were compromised.

The vendor reports that they addressed the issue and there is no evidence of ongoing unauthorized access. Hofstra ITS is reviewing security measures in line with vendor guidance.

Canvas remains available for use by faculty, staff, and students.

No action is required at this time. As a precaution and best practice in cybersecurity, please remain cautious of unsolicited messages, even if they appear to come from individuals at Hofstra. If you receive a suspicious message, forward it to phishing@hofstra.edu and then delete it.

We will continue to monitor the situation and share updates as more information becomes available.