Canvas outage and Instructure cybersecurity incident updates

Advice for UC staff, students, partners and community


Update: 14 May 2026 | Update on the Canvas cyber incident and outage: 3pm

The University’s IT and Cyber Security and Learning Environments teams continue to work diligently to secure our IT infrastructure and restore full functionality of the Canvas platform, while student engagement and support teams are providing direct assistance to students.

Thank you once again for your patience.

The University continues to engage in the national response to the incident, coordinated by the Commonwealth Government’s National Office of Cyber Security (NOCS), and will remain diligent in monitoring the incident and work with colleagues across the university sector to support the national response.

The University will also continue to promote cyber-safety awareness across the UC community, reinforcing the importance of good cyber hygiene in online environments.

Current status of Canvas

Recent advice received from Instructure provided their assurance that the Canvas platform is now safe to access, and the University has restored all programs and support systems within Canvas, with the exception of EchoPoll.

The University is working with the vendor to restore functionality as soon as possible. Staff and students can now continue to use Canvas as normal.

Assessment arrangements

By now, students should have received information from their unit conveners about any unit-specific changes to assessments. An assessment-free period – 8 to 13 May – was put in place to help support students and provide additional flexibility following the Canvas outage.

As a result of these adjustments, the University has rescheduled the release of Semester One 2026 grades to 10 June 2026.

Responding to the breach

Instructure is working with forensic experts to investigate the breach. They have committed to provide all affected institutions with a detailed report on the data exposure, and have advised that this forensic work will take some time to complete.

As shared in earlier updates, the University is aware that some personal information including names, University of Canberra-assigned email addresses, and messages sent within Canvas were exposed. As a result of that exposure, the University has undertaken all the required regulatory reporting.

The University remains focused on responding to the incident from a community perspective, to limit any further impact and inconvenience for staff, students and our partners.

Steps you can take

As a precaution, it is recommended that you change your password – update it at or by contacting the Service Desk at servicedesk@canberra.edu.au.

The Australian Government advises three simple steps to be more secure online:

  • Set up multi-factor authentication whenever available to add an extra layer of security to online accounts.
  • Create strong and unique passphrases of 14 or more characters. These passphrases should be different for each account you hold.
  • Install software updates regularly to keep devices secure.

These steps can help significantly improve personal cyber security. For more information, visit Act Now Stay Secure, which offers invaluable advice and guidance on good cyber practice.

NOCS has advised that scammers use cyber incidents as an opportunity to make unsolicited contact. Please remain vigilant around any unsolicited contact to your university email address. Learn how to protect yourself from scams by visiting the National Anti-Scam Centre’s (NASC) ScamWatch site.

Please continue to report any online or digital concerns using the Outlook reporting tools, or by contacting cybersecurity@canberra.edu.au.

You can also report cybercrime and cyber incidents to ReportCyber.

Further updates will be provided as soon as the University has more information available.


Update: 11 May 2026 | Ongoing work to restore access to learning tools in Canvas: 7pm

Work to restore connectivity of tools within Canvas is ongoing and will continue over the course of the week.

We thank you for your continued understanding and patience as this work progresses.

Unit advice

Please do not email assessment items to your unit convenor or class tutor.

If you have questions relating to your unit assessments, please contact your unit convenor directly.

Ongoing precautions

The University recommends that staff and students change their passwords.

Some other important protective measures to take, as recommended by NOCS, include:

  • Make use of strong unique passwords.
  • Actively use Multi-Factor Authentication (MFA) on your university account. Importantly, if you receive an MFA prompt that you did not initiate, decline it immediately and report it to the University's Cybersecurity Team.
  • Exercise caution with any unexpected or suspicious emails or messages including those that look legitimate (like a bank statement, for example), or ask you to click links, download attachments, or provide login credentials.
  • Be aware of potential scam activity, unsolicited contact or engagement with unknown persons online.
  • Back up documents and confidential material safely.
  • Exercise caution when using Canvas – if anything appears to be suspicious, close the program and report it to the University's Cybersecurity Team.

Please continue to report any online or digital concerns using the Outlook reporting tools or by contacting the University's Cybersecurity Team.


Update: 9 May 2026 | Core access to Canvas restored: 5.30pm

The University has confirmed that core access to Canvas has been restored.

This follows advice received from Instructure, the global company that provides Canvas to 9000 universities, colleges and schools around the world. That advice has been reviewed by the National Office of Cyber Security (NOCS), which has held meetings with Instructure and others in the sector locally and in America.

UC remains concerned about how the cyber-criminal activity on Instructure affects our students and staff.

Investigations into the global criminal cyber security breach are ongoing and the University will continue to work with NOCS and relevant regulatory bodies until we have assurance that the situation is fully resolved. We will keep you informed as more information becomes available.

While core access to Canvas has been restored, connectivity to some tools within the platform such as Cadmus, Turnitin, and FeedbackFruits will be restored progressively over the course of next week (commencing 11 May) and may not be available immediately.

We thank you for your continued understanding and patience as this work progresses.

Scheduled classes will run as normal next week – week commencing 11 May 2026.

Assessments, assignments, in-class tests and exams

Consistent with the minimum 72-hour extension to all assessments scheduled or due during the outage period (Friday 8 May to Saturday 9 May, inclusive), the University will further apply an assessment-free period from Friday 8 May to Wednesday 13 May (inclusive).

This assessment-free period effectively extends the advised arrangement to a 96-hour (total) extension following the restoration of core access to Canvas. Students will not be required to submit or participate in any assessments (including assignments, in-class tests or exams) until Thursday, 14 May.

From Monday 11 May, unit convenors will contact students via Canvas announcements regarding arrangements for assessments originally scheduled during the assessment-free period (Friday 8 May to Wednesday 13 May, inclusive).

Please wait to receive these announcements before reaching out to your unit convenor with your questions or queries. Please do not email assessment items to your unit convenor or class tutor.

Support

To ensure a smooth transition as we restore Canvas to our IT infrastructure, the University is providing additional support teams on Sunday 10 May between 10am and 5pm to support you. You can access this support as follows:

Suggested actions to take

As a precaution, the University recommends that staff and students change their passwords.

Some other important protective measures to take, recommended by NOCS, include:

  • Make use of strong unique passwords.
  • Actively use Multi-Factor Authentication (MFA) on your university account. Importantly, if you receive an MFA prompt that you did not initiate, decline it immediately and report it to the University's Cybersecurity Team.
  • Exercise caution with any unexpected or suspicious emails or messages including those that look legitimate (like a bank statement, for example), or ask you to click links, download attachments, or provide login credentials.
  • Be aware of potential scam activity, unsolicited contact or engagement with unknown persons online.
  • Back up documents and confidential material safely.
  • Exercise caution when using Canvas – if anything appears to be suspicious, close the program and report it to the University's Cybersecurity Team.

Please continue to report any online or digital concerns using the Outlook reporting tools or by contacting the University's Cybersecurity Team.

The University acknowledges all the staff who have been actively working long hours and over the weekend to restore this core access to Canvas.


Update: 8 May 2026 | Canvas outage: 4.00pm

The University continues to monitor the outage and make the necessary adjustments to ensure that this outage does not disadvantage students.

We recognise that students are unable to access any learning materials in Canvas during this outage.

The University will, at this stage, apply a minimum 72-hour extension for all assessments (including assignments, or in-class tests/exams, whether conducted in-person or via Canvas) that are scheduled or due during the Canvas outage period.

This extension will be applied from when the University advises that access to Canvas has been restored, at which time students and staff will receive a confirmation text message from the University. Unit convenors will then provide students with further information in each specific unit via a Canvas announcement.

Students are reminded of the tools still available to them at this time:

  • Access to unit outlines through Digital Handbook.
  • MyUC is not impacted and remains accessible.
  • Microsoft Teams (for staff)
  • Unit Reading list items via (for staff and students)

The UC community is reminded to be vigilant and cautious of any unusual or suspicious emails or messages, and continue to report these using the Outlook reporting tools or by contacting the University's Cybersecurity Team.

The University is in constant contact with Canvas, National Cybersecurity and other impacted universities to ensure Canvas comes back online as soon as possible.


Update: 8 May 2026 | Canvas outage: 10.00am

The global Canvas outage, and second cyber-criminal attempt, is affecting learning and teaching activities across the University.

This follows advice of the first Instructure cybersecurity breach impacting 9000 institutions worldwide, including UC. Instructure is an international digital education technology company headquartered in North America and provider of Canvas.

All UC students and staff have received advice from the University advising of the outage.

First and foremost, the University wants to reassure all UC students that this outage will not disadvantage their studies. Appropriate adjustments and extensions will be put in place to ensure that no student is negatively impacted as a result of this disruption.

The University is working closely with the NOCS and monitoring the situation around the clock, while taking the necessary steps to protect and secure our IT environment. This included disconnecting Canvas to safeguard our systems.

Given the nature of the incident, we are taking a careful and considered approach and are planning on the basis that Canvas services are unlikely to be fully restored before early next week.

As a result, all Canvas-based activities will be impacted until that time including:

  • Class activities: Students will not be able to access learning materials through Canvas. All online classes delivered via Canvas will be cancelled until early next week.
  • Assessments: Canvas-based assessments (such as quizzes and assignment submissions) will not be available. Assessments that require submission through Canvas cannot be submitted during this period.
  • UC-managed materials delivered via Canvas: Access to unit outlines is available through Digital Handbook.
  • Learning and teaching tools currently accessible only through Canvas: Cadmus, FeedbackFruits, Turnitin, and Virtual Rooms.

NOTE: MyUC is not impacted and remains accessible.

Please note, students are not required to submit assignment extension forms related to the Canvas outage individually. The impact of this event will be automatically taken into account by teaching staff.

The following tools remain available outside of Canvas and can continue to be accessed:

  • Microsoft Teams (for staff)
  • Unit Reading list items via (for staff and students)

Update: 7 May 2026

On Saturday 2 May 2026, Instructure, an international digital education technology company headquartered in North America and provider of the University's Canvas platform, informed the University of Canberra (UC) of a security incident that affected access to Canvas.

Further advice from Instructure, received on 6 May 2026, confirmed that the incident was a cybersecurity breach impacting 9000 institutions worldwide, including UC.

According to Instructure’s advice, they first became aware of the incident on 25 April 2026. The criminal threat actor was detected on 29 April and their access was revoked. They advised that there have been no further indicators of an ongoing threat. Instructure advised that from the time they detected this malicious activity, they moved quickly to protect their platform and learn what happened.

The advice confirmed that the breach involves the names and university-assigned email addresses used by staff and students to access the platform. At this time, their indications are that no passwords, government identifiers or financial information have been breached.

Instructure’s investigations into the breach are ongoing and they are working with forensic experts, law enforcement agencies and partners to investigate the breach.

UC treats the privacy and security of personal information as a matter of highest importance and is independently monitoring the situation.

At this stage, students and staff do not need to take any action. Instructure has confirmed that access to Canvas has been restored and is fully operational with enhanced monitoring and detection controls in place. Students and staff should be able to continue to make use of Canvas as normal.

As this breach affects 25 Australian and New Zealand universities, UC is part of a coordinated national response involving the National Office of Cyber Security (NOCS), the Department of Education, and Universities Australia.

As this breach involves university-assigned email addresses, please be vigilant of any suspicious emails or communication that may come through to your inbox. Please continue to report these via the Outlook reporting tools or contact the University's Cybersecurity team.

Further updates will be provided as we receive more detail from Instructure.