Canvas Cybersecurity Follow-Up

May 27, 2026

Posted by STLCC in News Resources 

STLCC Students, Faculty and Staff,

We are providing an update on the recent cybersecurity incident involving Instructure, the parent company of our online learning system Canvas. Instructure notified St. Louis Community College that on April 29 and May 7, a cybercriminal group gained unauthorized access to parts of their system. These issues affected St. Louis Community College and other schools that use Canvas.

This was a third-party issue and not a breach of STLCC’s own technology systems.

Instructure has informed the College that the data accessed via the breach may include: the student’s preferred first name and last name, email address, and Canvas inbox communications between students and faculty members. Instructure’s investigation is ongoing and we will provide additional updates as they become available.

Please use the following recommendations to protect yourself and your family online. Cyber incidents like this can lead to phishing or scam attempts. Please take a few minutes to protect yourself:

• Be cautious of unexpected emails or messages that claim to be from Canvas or STLCC. The College will never ask you for your password or multi-factor authentication (MFA) codes (outside of the login).
• Do not open links or attachments in unexpected emails.
• Validate unexpected emails with a phone call to a phone number listed in the College directory or on the vendor's website.
• Use the Phish Alert button if an email looks suspicious.
• Change your password if you’re concerned (the Help Desk can assist).
• Use multi-factor authentication whenever it’s available.
• Report anything suspicious right away to helpdesk@stlcc.edu.

Staying alert helps protect not just you, but the entire college community. If something feels off, don’t ignore it — report it.

Thank you for taking this seriously and helping keep STLCC safe.