Update at 10:20 a.m. Saturday: UW Canvas access has been restored to UW users following a UWIT and independent security assessment.

At this time, we have no evidence that UW NetID passwords were exposed, but out of an abundance of caution, UWIT recommends all UW Canvas users change their password. For password resets, please go to identity.uw.edu/account/resetpassword.

Access to other systems and tools typically accessed through Canvas, including Parchment, Panopto, and Jupyter Notebooks, is also being restored.

If your Canvas course uses other apps, such as Panopto or Office 365, you may be prompted to re-authorize access to each app for your account. This is expected; please authorize if prompted.

UW users have not had access to Canvas since the outage began around 1 p.m. on Thursday.

Information for students

Students, if you have questions about deadlines or assignment submissions, check directly with your classroom instructor. Please note that deadlines listed in UW Canvas are from prior to the outage, and your instructor would not have had access to UW Canvas to make any changes until 10 a.m. today.

Information for faculty, instructors and teaching assistants

Faculty, instructors and teaching assistants may wish to modify activities, assignments and exams impacted by the outage.

The following guides may be useful to faculty and instructional teams who are updating course assignments:

System security

Instructure, the Canvas provider, has completed verification of its system security in coordination with its independent forensics partner, CrowdStrike.

On May 8, CrowdStrike reported that there is no evidence that the threat actor had system-level access, installed malware nor obtained login credentials, nor that any additional data was extracted during the renewed activity on May 7.

Based on the investigation so far, some education-related information including names, email addresses and messages sent within the platform may have been exposed. Additional investigation into data exposure is ongoing.

CrowdStrike has found no evidence that passwords, dates of birth, government identifiers, such as Social Security Numbers, or financial information were exposed. UW Canvas does not include sensitive personal information such as Social Security Numbers, home addresses, billing information or financial aid information.

We will continue to review additional information from Instructure as it becomes available and to communicate updates to the UW community.

Please be mindful of an increased risk of phishing attacks. See UWIT guidance on how to identify and respond to phishing attacks and follow cybersecurity best practices.

Additional information

UWIT will post any future updates at the UW Canvas incident webpage and the UWIT’s Service Status website — where you can subscribe to receive email updates and the UW. Instructure has also posted information about the incident on its website.

UW Canvas access has been restored to UW users following a UWIT and independent security assessment.

At this time, we have no evidence that UW NetID passwords were exposed, but out of an abundance of caution, UWIT recommends all UW Canvas users change their password. For password resets, please go to identity.uw.edu/account/resetpassword.