Canvas cyber incident

In May 2026, a cybersecurity incident impacted  Instructure Global Ltd (UK) (Instructure) and its Canvas Learning Management System (Canvas). Canvas is a learning platform used by many education institutions around the world, including Western Sydney University The College (The College). Canvas is an independent third-party provider.

During the incident, The College suspended access to Canvas.

Following engagement with the Australian Government’s National Office of Cyber Security (NOCS) and assurances from Instructure (the vendor) that Canvas is operational and secure, access to Canvas has been restored.  More information is available on their website https://www.instructure.com/incident_update.

Following investigations undertaken by Instructure, we can confirm The College was among the education institutions affected by this breach. However, we are awaiting further information from Instructure to understand the precise nature of the data that has been involved in this incident. Once this is received, which still may be some time away, individuals affected will be notified.

The College continues to actively contribute to the national response, coordinated by NOCS. We will remain vigilant in monitoring developments and work collaboratively with colleagues across the sector to support a coordinated and effective national effort.

Student learning, cyber safety and privacy remain our priority.

The College will continue to strengthen cyber safety awareness across our community, emphasising the importance of good cyber hygiene and responsible online practices.

ENDS.

19 May 2026
Media Unit