Advice for UC staff, students, partners and community
Update: 9 May 2026 | Core access to Canvas restored: 5.30pm
The University has confirmed that core access to Canvas has been restored.
This follows advice received from Instructure, the global company that provides Canvas to 9000 universities, colleges and schools around the world, that has been reviewed by the National Office of Cyber Security (NOCS) who have held meetings with Instructure and others in the sector locally and in America.
UC remains concerned about how the cyber-criminal activity on Instructure affects our students and staff.
Investigations into the global criminal cyber security breach are ongoing and the University will continue to work with NOCS and relevant regulatory bodies until we have assurance that the situation is fully resolved. We will keep you informed as more information becomes available.
While core access to Canvas has been restored, connectivity to some tools within the platform such as Cadmus, Turnitin, and FeedbackFruits will be restored progressively over the course of next week (commencing 11 May) and may not be available immediately.
We thank you for your continued understanding and patience as this work progresses.
Scheduled classes will run as normal next week – week commencing 11 May 2026.
Assessments, assignments, in-class tests and exams
Consistent with the minimum 72-hour extension to all assessments scheduled or due during the outage period (Friday 8 May to Saturday 9 May, inclusive), the University will further apply an assessment free period from Friday 8 May to Wednesday 13 May (inclusive).
This assessment-free period effectively extends the advised arrangement to a 96-hour (total) extension following the restoration of core access to Canvas. Students will not be required to submit or participate in any assessments (including assignments, in-class tests or exams) until Thursday, 14 May.
From Monday 11 May, unit convenors will contact students via Canvas announcements regarding arrangements for assessments originally scheduled during the assessment free period (Friday 8 May to Wednesday 13 May, inclusive).
Please wait to receive these announcements before reaching out to your unit convenor with your questions or queries. Please do not email assessment items to your unit convenor or class tutor.
Support
To ensure a smooth transition as we restore Canvas to our IT infrastructure, the University is providing additional support teams on Sunday 10 May between 10am and 5pm to support you. You can access this support as follows:
- Service Desk
- For support to access Canvas.
- Email: servicedesk@canberra.edu.au
- Student Centre
- For questions relating to exams or assessment submissions not addressed in this message or Canvas announcements.
- Email: Student.Centre@canberra.edu.au
Suggested actions to take
As a precaution, the University recommends that staff and students change their passwords.
Some other important protective measures to take, recommended by NOCS, include:
- Make use of strong unique passwords.
- Actively use Multi-Factor Authentication (MFA) on your university account. Importantly, if you receive an MFA prompt that you did not initiate, decline it immediately and report it to the University's Cybersecurity Team.
- Exercise caution with any unexpected or suspicious emails or messages including those that look legitimate (like a bank statement, for example), or ask you to click links, download attachments, or provide login credentials.
- Be aware of potential scam activity, unsolicited contact or engagement with unknown persons online.
- Back up documents and confidential material safely.
- Exercise caution when using Canvas – if anything appears to be suspicious, close the program and report it to the University's Cybersecurity Team.
Please continue to report any online or digital concerns using the Outlook reporting tools or by contacting the University's Cybersecurity Team.
The University acknowledges all the staff who have been actively working long hours and over the weekend to restore this core access to Canvas.
Update: 8 May 2026 | Canvas outage: 4.00pm
The University continues to monitor the outage and make the necessary adjustments to ensure that this outage does not disadvantage students.
We recognise that students are unable to access any learning materials in Canvas during this outage.
The University will, at this stage, apply a minimum 72-hour extension for all assessments (including assignments, or in-class tests/exams, whether conducted in-person or via Canvas) that are scheduled or due during the Canvas outage period.
This extension will be applied from when the University advises that access to Canvas has been restored, at which time students and staff will receive a confirmation text message from the University. Unit convenor will then provide students with further information in each specific unit via a Canvas announcement.
Students are reminded of the tools still available to at this time:
- Access to unit outlines through Digital Handbook.
- MyUC is not impacted and remains accessible.
- Microsoft Teams (for staff)
- Unit Reading list items via (for staff and students)
The UC community is reminded to be vigilant and cautious of any unusual or suspicious emails or messages, and continue to report these using the Outlook reporting tools or by contacting the University's Cybersecurity Team.
The University is in constant contact with Canvas, National Cybersecurity and other impacted universities to ensure Canvas comes back online as soon as possible.
Update: 8 May 2026 | Canvas outage: 10.00am
The global Canvas outage, and second cyber-criminal attempt, is affecting learning and teaching activities across the University.
This follows advice of the first Instructure cybersecurity breach impacting 9000 institutions worldwide, including UC. Instructure is an international digital education technology company headquartered in North America and provider of Canvas.
All UC students and staff have received advice from the University advising of the outage.
First and foremost, the University wants to reassure all UC students that this outage will not disadvantage their studies. Appropriate adjustments and extensions will be put in place to ensure that no student is negatively impacted as a result of this disruption.
The University is working closely with the NOCS and monitoring the situation around the clock, while taking the necessary steps to protect and secure our IT environment. This included disconnecting Canvas to safeguard our systems.
Given the nature of the incident, we are taking a careful and considered approach and are planning on the basis that Canvas services are unlikely to be fully restored before early next week.
As a result, all Canvas-based activities will be impacted until that time including:
- Class activities: Students will not be able to access learning materials through Canvas. All online classes delivered via Canvas will be cancelled until early next week.
- Assessments: Canvas-based assessments (such as quizzes and assignment submissions) will not be available. Assessments that require submission through Canvas cannot be submitted during this period.
- UC-managed materials delivered via Canvas: Access to unit outlines are available through Digital Handbook.
- Learning and teaching tools currently accessible only through Canvas: Cadmus, FeedbackFruits, Turnitin, and Virtual Rooms.
NOTE: MyUC is not impacted and remains accessible.
Please note,students are not required to submit assignment extension forms related to the Canvas outage individually. The impact of this event will be automatically taken into account by teaching staff.
The following tools remain available outside of Canvas and can continue to be accessed:
- Microsoft Teams (for staff)
- Unit Reading list items via (for staff and students)
Update: 7 May 2026
On Saturday 2 May 2026, Instructure, international digital education technology company headquartered in North America and provider of the University's Canvas platform, informed the University of ÃØÃÜÖ±²¥ (UC) of a security incident that affected access to Canvas.
Further advice from Instructure received on 6 May 2026, confirmed that the incident was a cybersecurity breach impacting 9000 institutions worldwide, including UC.
According to Instructure’s advice, they first became aware of the incident on 25 April 2026. The criminal threat actor was detected on 29 April and their access was revoked. They advised that there have been no further indicators of an ongoing threat. Instructure advised that from the time they detected this malicious activity, they moved quickly to protect their platform and learn what happened.
The advice confirmed that the breach involves the names and university-assigned email addresses used by staff and students to access the platform. At this time, their indications are that no passwords, government identifiers and financial information have been breached.
Instructure’s investigations into the breach are ongoing and they are working with forensic experts, and law enforcement agencies and partners to investigate the breach.
UC treats the privacy and security of personal information as a matter of highest importance and is independently monitoring the situation.
At this stage, students and staff do not need to take any action. Instructure has confirmed that access to Canvas has been restored and is fully operational with enhanced monitoring and detection controls in place. Students and staff should be able to continue to make use of Canvas as normal.
As this breach affects 25 Australian and New Zealand universities, UC is part of a coordinated national response involving the National Office of Cyber Security (NOCS), the Department of Education, and Universities Australia.
As this breach involves university-assigned email addresses, please be vigilant of any suspicious emails or communication that may come through to your inbox. Please continue to report these via the Outlook reporting tools or contact the University's Cybersecurity team.
Further updates will be provided as we receive more detail from Instructure.