Canvas cyber incident

In May 2026, a cybersecurity incident affected Instructure Global Ltd (UK) (Instructure) and its Canvas Learning Management System (Canvas). Canvas is used by education institutions around the world, including by Western Sydney University The College (The College), and is operated by an independent third‑party provider.

The incident is under investigation by Instructure who is providing regular updates to education institutions regarding the scope and potential impact of the incident.

Despite Instructure advising that no information relating to The College has been impacted, The College will continue to monitor Instructure’s communications and provide regular updates to its community as further information becomes available through its investigation.

The College is engaging with the Australian Government’s National Office of Cyber Security (NOCS), Australian Cyber Security Centre (ACSC), Office of the Australian Information Commission (OAIC), NSW Information Privacy Commission (IPC), and Australian Skills Quality Authority (ASQA) regarding the incident.

For the latest updates from Instructure, please visit: https://www.instructure.com/incident_update

We will continue to monitor developments closely and collaborate with sector partners to support an effective and unified response.

Student learning, cyber safety, and privacy remain our highest priorities.

What you need to do

• Be alert for phishing or scam emails or messages, particularly those claiming to be from The College or Canvas and asking you to log in, reset passwords, or confirm a data breach.
• Remember that official Western emails are only sent from @westernsydney.edu.au.
• Report anything suspicious to the IT Service Desk via  itservicedesk@westernsydney.edu.au  or (02) 9852 5111.

ENDS.

28 May 2026
Media Unit