Cybersecurity Incident Impacts Instructure, Potential UNR Data Exposure Under Investigation
The University of Nevada, Reno (UNR) disclosed a cybersecurity incident involving Instructure, the vendor behind the Canvas learning management system. In a statement released Wednesday by UNR President Brian Sandoval, the university confirmed that Instructure experienced a data breach, though it remains unclear whether UNR-specific data was compromised.
According to Instructure’s report to the Nevada System of Higher Education (NSHE), exposed information may include names, institutional email addresses, student ID numbers, and private Canvas messages. The company stated that no evidence suggests passwords, dates of birth, government identifiers, or financial data were affected, and the incident has been contained. A forensic investigation is ongoing.
UNR is collaborating with NSHE to determine whether its data was impacted and will provide updates as more details emerge. In the interim, the university advised the campus community to remain vigilant against phishing attempts, particularly unsolicited messages requesting login credentials or personal information. Suspicious activity should be reported to abuse@unr.edu.
The full scope of the breach and its potential impact on UNR users are still under assessment.
Instructure TPRM report: https://www.rankiteo.com/company/instructure-inc-
"id": "ins1778185982",
"linkid": "instructure-inc-",
"type": "Breach",
"date": "5/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Education',
'location': 'Nevada, USA',
'name': 'University of Nevada, Reno (UNR)',
'type': 'Educational Institution'},
{'industry': 'EdTech',
'name': 'Instructure',
'type': 'Vendor'}],
'customer_advisories': 'Campus community advised to remain vigilant against '
'phishing attempts',
'data_breach': {'personally_identifiable_information': 'Names, institutional '
'email addresses, '
'student ID numbers',
'sensitivity_of_data': 'Low to moderate (no passwords, DOB, '
'government IDs, or financial data)',
'type_of_data_compromised': 'Personal and institutional data'},
'description': 'The University of Nevada, Reno (UNR) disclosed a '
'cybersecurity incident involving Instructure, the vendor '
'behind the Canvas learning management system. Instructure '
'experienced a data breach, and it remains unclear whether '
'UNR-specific data was compromised. Exposed information may '
'include names, institutional email addresses, student ID '
'numbers, and private Canvas messages. No evidence suggests '
'passwords, dates of birth, government identifiers, or '
'financial data were affected. The incident has been '
'contained, and a forensic investigation is ongoing.',
'impact': {'data_compromised': 'Names, institutional email addresses, student '
'ID numbers, private Canvas messages',
'payment_information_risk': 'No evidence of financial data '
'exposure',
'systems_affected': 'Canvas learning management system'},
'investigation_status': 'Ongoing',
'recommendations': 'Remain vigilant against phishing attempts, report '
'suspicious activity to abuse@unr.edu',
'references': [{'source': "UNR President Brian Sandoval's statement"}],
'regulatory_compliance': {'regulatory_notifications': 'Reported to Nevada '
'System of Higher '
'Education (NSHE)'},
'response': {'communication_strategy': 'Advisory to campus community to '
'remain vigilant against phishing '
'attempts',
'containment_measures': 'Incident has been contained'},
'stakeholder_advisories': 'UNR is collaborating with NSHE to determine data '
'impact',
'title': 'Cybersecurity Incident Impacts Instructure, Potential UNR Data '
'Exposure Under Investigation',
'type': 'Data Breach'}