UW Canvas remains unavailable while a security assessment continues.
Out of an abundance of caution, UWIT has disabled logins to UW Canvas, and is still waiting for Instructure, the Canvas provider, to complete verification of its system security.
At this point, we do not have an estimate for when UW Canvas will be available again. The next update will be provided by 10 a.m. on Saturday, May 9, or sooner if information becomes available.
On This Page:
- What Happened?
- Has my personal data been accessed?
- Have any other systems been affected?
- What You Need to Do Right Now
- Who should I contact with questions or concerns?
What Happened?
On May 1st, 2026, the University of Washington was made aware of a security incident impacting Canvas, the UW’s online learning platform. Subsequently, Instructure, Canvas’ parent company, provided updates to their customers about their ongoing response to the incident. At approximately 1PM on May 7th, the incident escalated as Canvas became fully inaccessible to users.
This is a Canvas system issue affecting universities across the country. It is not unique to the UW and is not originating within UW systems. UWIT is assessing the potential impact to the University and coordinating with appropriate campus partners.
According to Instructure, on May 7, an unauthorized actor made changes to the pages that appeared when some students and teachers were logged in. Instructure identified this unauthorized activity and took steps to contain it, including temporarily taking Canvas offline into maintenance mode as a precaution to prevent further unauthorized access. Working in coordination with its independent forensics partner, Instructure has found no evidence that the unauthorized actor maintained a connection to its system, obtained credentials for accounts within the UW institution, or extracted any additional data.
Additionally, Instructure confirmed that the unauthorized actor carried out this activity by exploiting an issue related to its Free-For-Teacher accounts. The company stated that the entry point for the incident last week was also through the Free-For-Teacher accounts. As a result, Instructure has made the decision to temporarily shut down its Free-For-Teacher accounts.
Has my personal data been accessed?
Some education-related information such as contact information, course participation, course materials and assignments may have been exposed, though Instructure’s investigation is underway and we are awaiting confirmation. UW’s instance of Canvas does not include sensitive personal information such as Social Security Numbers, home addresses, billing information or financial aid information.
Have any other systems been affected?
The nature of the UW Canvas outage means several other systems are unavailable, including:
- Parchment
- Panopto
- Jupyter Notebooks
Other tools typically accessed through Canvas may have reduced functionality at this time.
While the UW Zoom integration in Canvas is unavailable, UW Zoom itself remains functional: meeting links should remain active and available.
Please note that Register.UW is unaffected and available for student class registration.
What You Need to Do Right Now
Be vigilant with your email. In the aftermath of this security incident, UW students, faculty, and staff may be targeted by phishing campaigns designed to impersonate legitimate messaging from the UW and/or Canvas. If you suspect a message may be fraudulent, promptly report it to UWIT by forwarding the message as an attachment to an email to help@uw.edu.
Faculty members, instructors and teaching assistants who would like to contact their students via email may export a course roster, including student UW email addresses via MyUW. Please note that users cannot access UW Canvas to submit assignments, message instructors or students or access course content.
While we currently do not have evidence that UW NetID credentials were compromised, if you are concerned, you may choose to reset your password via the UW NetID Manage page.
If you wish to review a more detailed summary of the incident, Instructure provides information on their Security Incident Update & FAQs page.
Who should I contact with questions or concerns?
Questions may be directed to help@uw.edu.