Update: Tuesday 12 May 2026

Instructure has provided an update on the recent cyber incident impacting its Canvas learning management system.

This incident involved unauthorised access to part of the Canvas environment by a criminal third party, and the theft of user data. Instructure has advised that it has reached an agreement with the criminal actor to return and destroy the stolen data. There is no evidence of ongoing unauthorised access to the University’s Canvas environment or any loss of University data.

We will continue to work closely with Instructure and the National Office of Cyber Security (NOCS) to investigate this breach and manage the risk of future incidents.

Stay alert to phishing scams

While we are confident there is no ongoing risk to our community and your personal data, we encourage you to remain cautious of phishing emails and scam messages. Report any suspicious activity, and review guidance on identifying and avoiding scams.

If you receive a message or email that seems suspicious, do not click any links, open attachments, or respond. Instead, forward the message to ict.askcyber@sydney.edu.au.

If you notice anything unusual in Canvas, contact the Division of Teaching and Learning helpdesk at dtl.helpdesk@sydney.edu.au.

Support available

We understand that incidents like this can cause stress and uncertainty, especially at a critical point in the semester. Support services are available for both students and staff.

The Student Centre is available to assist students with any queries relating to this incident or their studies.  Student Wellbeing services  are also available and can be accessed 24/7.  

Staff can also access 24/7 counselling and wellbeing support through our counselling and coaching partner, Converge International.

Update: Sunday 10 May 2026

We are pleased to advise that Canvas access has been fully restored and teaching and learning can resume as planned. Importantly, no student will be disadvantaged as a result of this disruption. Temporary adjustments, including assessment extensions and other supports where needed, have been put in place to ensure fairness for all students.

Following confirmation from Instructure (the vendor of Canvas), the platform has been thoroughly assessed and is considered secure. 

After completing internal reviews and testing, we are confident in the integrity of the system and have reinstated access, and staff and students can now log in to Canvas as normal.

As a precaution, we encourage all users to:

• Remain alert to phishing or suspicious communications
• Log out of all sessions and consider resetting passwords
• Review course materials to ensure everything appears as expected
• Maintain backups of important content

Further updates and guidance will be shared with students and staff as required and we thank our community for their patience and understanding.

Support is available for anyone in our community who is feeling concerned or requires support. Student Wellbeing services are available to all students, including international and offshore students, and can be accessed 24/7. 24/7 counselling services and wellbeing support is available for any staff or their immediate family members.

We thank our students and staff for their patience and understanding while we worked to resolve this issue. 

Update: Saturday 9 May 2026

Overnight, our Canvas environment has been restored. It is not yet accessible to staff or students, as we need to complete checks. This work is now underway, and a decision on whether to restore access will be made late this afternoon.

We recognise how disruptive this incident has been, not only for our community but for institutions around the world, and appreciate the patience of our staff and students as we work to restore our services following this global outage.

Update: 2pm Friday 8 May 2026

Our online learning management system Canvas has been experiencing a global outage since around 6:00 am AEST this morning. Instructure, the vendor of Canvas, has placed Canvas into maintenance mode while they investigate a global cybersecurity breach. We are one of approximately 9000 institutions around the world that are impacted by this outage, and we are still waiting for advice from Instructure.

We understand this situation is impacting the ability of our students and staff to access some learning materials and assessments including examination activities, and appreciate how disruptive this is at a critical time in the semester.

Our teams are working to understand the extent of the situation and minimise the impact for our community. We will continue to provide updates on the University website and our regular communications channels as more information becomes available.

What our students and staff need to know

• Canvas is unavailable. Do not attempt to log in to Canvas. We will update you when access to Canvas is restored.
• Students will not be penalised for any assessments due during the duration of the outage.
•  Examinations impacted by the outage will be re-scheduled.
• Students will automatically be granted an extension, or provided a mark adjustment or alternative arrangements for any assessment impacted by the outage.
• We will provide more information as it becomes available.

What students and staff need to do

• Attend classes and in-person assessments as usual.
• Be alert for phishing attempts and scam emails. We encourage you to remain vigilant, report any suspicious activity, and review guidance on identifying and avoiding scams.

Support is available for anyone in our community who is feeling concerned or requires support. Student Wellbeing services are available to all students, including international and offshore students, and can be accessed 24/7. 24/7 counselling services and wellbeing support is available for any staff or their immediate family members.

We thank our students and staff for their patience and understanding while we work to resolve this issue.

Update: 9am Friday 8 May 2026

We have been informed Canvas has been down globally from 6am AEST. We’re working to understand and mitigate the impacts for our community, and will provide a further update later today. 

Wednesday 6 May 2026

The University is aware of a cyber incident involving the Canvas learning management system.

Instructure, the vendor of Canvas, has confirmed that University of Sydney data has been impacted by a cyber security breach. The University is one of approximately 9000 educational institutions worldwide that is potentially impacted.

We are engaging with the vendor to confirm if any personal data from our community has been compromised. If a breach of personal data has occurred, we will notify affected individuals and work closely with the National Office of Cybersecurity to manage the impact of the incident.

Students and staff can still access Canvas, and the platform is operating as normal.

We understand this news may cause concern, and we want to remind you that there are resources available if you need support.

• Student Wellbeing services are free and confidential for all students, including international and offshore students, and can be contacted 24/7.
• 24/7 counselling services and wellbeing support is available for any staff or their immediate family members.

We will continue to provide updates as more information becomes available.

While there is no immediate action required, incidents of this nature can increase the risk of phishing attempts. We encourage you to remain vigilant, report any suspicious activity, and review guidance on identifying and avoiding scams.