Canvas Cyberattack

Nightingale is aware of a security breach on May 7, 2026, involving Canvas and its parent company, Instructure. This incident is a nationwide event affecting a reported 8,800 institutions, including Nightingale College.   

The party behind the security breach claims to have stolen the names, email addresses, student ID numbers, and messages of 275 million students and teachers.  

Instructure says it found no indication that passwords, dates of birth, government identifiers, or financial information were compromised.   

Canvas is currently unavailable for use by faculty, staff, and learners.   

While Nightingale cannot directly resolve any concerns at this time, we will stay in contact with Instructure through the outage and keep you informed as updates become available.   

We will make coursework accommodations while this issue is being resolved.

Right now: 

• Don't click anything in a ransom message or email about the breach.  
• Be extra suspicious of any urgent message referencing Nightingale, your name or Canvas ID, or company leaders’ names.  
• Sign out of all active Canvas sessions on every device if you are able.  
• At this time, SSO does not appear to be compromised. However, change the password of any personal email addresses that have been associated with Canvas, such as those you may have used as test accounts.  
• Review your Canvas message history for anything sensitive that may have been exposed.  

Ongoing: 

• Expect well-targeted phishing—verify senders through known channels before acting.
• Watch for impersonation attempts directed against our help desk, registrar, or learner funding.

We will continue to monitor the situation and provide updates as new information becomes available.