Latest Updates

On May 11, Instructure (the Canvas vendor) announced that they reached an agreement with the criminal hacker group involved in the incident. Instructure communicated that the data was returned to Instructure, that they received assurances that it will not be further shared, and that any copies of that data were deleted: https://www.instructure.com/incident_update

On a national level, the House Committee on Homeland Security has launched an investigation into Instructure’s security practices to ensure greater accountability and protection for the thousands of institutions impacted: https://homeland.house.gov/2026/05/11/chairman-garbarino-seeks-information-from-canvas-developer-after-cyberattacks-impact-schools-and-universities-nationwide/

Update Date: 5/12/2026

About the Breach

On May 7, Canvas (the learning management system used by faculty and students at BC) was targeted by a cyberattack that impacted thousands of schools and hundreds of millions of users worldwide. During this cyberattack, Canvas was temporarily unavailable. BC’s internal systems were unaffected by this breach. 

What Should You Do?

While Instructure received digital confirmation of data destruction, cybersecurity best practices dictate we remain in a state of heightened vigilance. The primary risk after any data breach is targeted phishing. Stay eagle-eyed:

  • Verify the "From" Address: Scammers often use fake domains like security-bc.org.
  • Don’t Reply to Suspicious Emails: Contact the sender directly via the BC Directory.
  • Report Scams: Forward suspicious emails to phishing@bc.edu
  • When in doubt, you can also forward the suspicious email to the IT Security Team at security@bc.edu for a manual review.

Identify and Report Fraudulent Emails

Back To Top