A cybercrime group known as ShinyHunters claims to have stolen large amounts of data from Instructure, the parent company of Canvas, our learning management system. Instructure has confirmed a security incident involving unauthorised access to user‑identifying information on 1 May 2026, EST (2 May AEST).

What data was exposed?

The exposed data may include:

• Full names
• UTS College email addresses
• Student ID numbers
• Private messages exchanged within Canvas. This could include certificate uploads, conversations between teachers and students and other communications.

There is no evidence at this time that more specific identifying information was accessed.

Current reports indicate passwords were not exposed. However, students should remain vigilant and update passwords as a good security practice.

ShinyHunters claims the breach has targeted and impacted nearly 9,000 institutions worldwide. These numbers are not fully verified, but Instructure has acknowledged a large‑scale incident.

Attackers may have accessed private messages (eg chats about assignments) on Canvas between students, teachers, and staff. These messages may contain personal or academic information.

Yes, it is possible if hackers leak stolen data. Students may see an increase in:

• Fake ‘Canvas support’ emails asking for further information or to click on links
• Messages pretending to be from teachers or administrators
• Requests for login details or personal information.

Please be very cautious and vigilant with any unexpected communication. Students should verify and check messages or emails from teachers via other safe, independent communication channels such as verified UTS College emails and SMS, or in person with the Student Centre or your Student Success Advisers.

• No. As of Friday 8 May, Canvas has been shut down and is temporarily unavailable for teaching and learning until further notice. UTS College has closed access to Canvas for students’ safety and security.

  Please do not attempt to access Canvas at this time until UTS College can conduct additional safety and security checks.

• Our Academic team has already put in place study plans and arrangements to ensure any impact on learning is minimised.
• Our Academic Coordinators will be providing instructions to students on how to submit assignments and continue lessons, and will be providing students with a new study plan on Monday 11 May.
• Students with assignments due Friday 8 May and over the weekend will be provided an extension to Tuesday 12 May.

Students should: 

• Not attempt to log into Canvas.

• Be alert for phishing or scam emails, phone calls or text messages, particularly those claiming to be from UTS College or Canvas and asking you to log in, reset passwords, or confirm a data breach.
•  
  • Not click on any suspicious links or share personal information with anyone who you are not confident of their identity or the source of the communication. Carefully check the url or email address of the source before replying, sending information or clicking links.
  • Report any unusual system behaviour or access issues to the IT Service Desk immediately via the online ITDS portal or by calling (+61) 2 9218 7000.
  • Remain vigilant for suspicious emails or phishing attempts, whether it references this incident or not.
  • Ensure you have up-to-date anti-virus software installed on any device you use to access your online accounts.
  • Protect all your online accounts with secure passwords and multi-factor authentication (MFA).

   

• General guidance on protecting yourself from scams is available on Scamwatch.
• Students can find information about protecting themselves from fraud and scams on the UTS College website.
• General resources on identity and cyber security support can be found on the following sites:

⦁ OAIC

⦁ IDCARE

⦁ www.cyber.gov.au/protect-yourself

⦁ www.cyber.gov.au/report-and-recover/have-you-been-hacked

Do not click any links or provide personal information if you believe an email, message or phone call to be suspicious.

Report the email and any suspicious messages or links to the Service Desk via the online ITDS portal or by calling (+61) 2 9218 7000.

Be cautious of messages that:

• Ask for passwords or personal details
• Create urgency or pressure you to act quickly
• Come from unfamiliar or slightly altered email addresses.

When in doubt, contact the Service Desk via the online ITDS portal or by calling (+61) 2 9218 7000.

Instructure (the parent company of Canvas) is head-quartered in the USA and is working with cybersecurity experts and relevant authorities. In Australia, there is a very coordinated response led by the National Office of Cyber Security and involving the impacted colleges, universities and schools, multiple regulators, industry bodies and law enforcement.

UTS College is part of this coordinated response.

UTS College is conducting our own investigations including reviewing Canvas safety, security and functionality. We will notify students if their data has been specifically affected.

• Communicating with Instructure and external forensic experts about the ongoing investigation and receiving updates.

• Monitoring Canvas and associated systems via logs for any irregular activity.

• Assessing potential impacts to UTS College data and services.

• Working to restore affected third-party plugs ins, such as Nearpod and Dropout Detective.
• Resetting all Canvas administrator account credentials.
• Identifying any accounts without multi-factor authentication (MFA).

• Monitoring Mimecast (our cloud-based cybersecurity provider specialising in advanced email security, threat protection, and data archiving) for any increased or suspicious email traffic related to Canvas, particularly potential phishing attempts.

We will continue to provide updates to students as more information related to UTS College becomes available.

A recorded message on our phone system is currently in place with ITDS while we manage this issue. If you have urgent concerns, please contact ITDS Service Desk via the online ITDS portal or by calling (+61) 2 9218 7000. 

For additional support, students can contact our Student Success Advisers or refer to our wellbeing resources.