From: University Information and Technology
Dear OSU Community Members,
Oregon State University has been notified by Instructure, the vendor that operates Canvas, of a security incident affecting the platform. Instructure has not confirmed whether OSU was directly affected, and students and faculty should continue to use Canvas at this time.
Based on information provided by Instructure, unauthorized actors obtained data from its systems but no longer have access to those systems. According to the vendor, information that may have been involved at affected institutions includes names, email addresses, student ID numbers, and messages exchanged within Canvas. The vendor has stated that there is currently no evidence that passwords, dates of birth, government identifiers, or financial information were involved. This assessment may change as the vendor's investigation continues.
This security incident may result in an increased risk of phishing attempts. Please be aware of unexpected messages claiming to come from OSU, and always verify the sender’s email address and link destinations. OSU will not request passwords, Social Security numbers, birth dates, or bank account information by email, text, or phone. At this time, be especially aware of messages that appear to be related to Canvas conversations between you and your instructor/students.
If you suspect an email to be a phish, report it using the “Report Message” function in Outlook. We appreciate the OSU community for its continued awareness and resilience against cyber threats.
Respectfully, David McMorries
Chief Information Security Officer, Office of Information Security
Oregon State University | University Information and Technology