inEKU Logo

Resources & Information for EKU Faculty, Staff, and Students

EKU Logo
EKU Logo
eku.edu OneLogin Search

Canvas Service & Security Updates

Eastern Kentucky University is actively monitoring the ongoing cybersecurity incident involving Instructure Canvas. This page serves as the official source for verified updates, guidance, and institutional communications.

Important: Do not respond to unsolicited emails or messages requesting credentials, payment, or institutional information related to Instructure Canvas.

Current Status: See current Canvas status.
Last Updated: May 8, 2026 – 9:30 AM EST

Current Situation Overview

At this time, there is no indication that passwords, Social Security numbers, banking information, government-issued identifiers, or dates of birth were exposed.

Potential Impacted Information May Include:

  • Names
  • Institutional email addresses
  • Student ID numbers (EKUID)
  • Course information
  • Learning Management System (LMS)-related content/messages

What should you do?

Students

  • Do not share screenshots or records publicly
  • Report suspicious outreach
  • Verify password reset requests through official EKU channels
  • Protect your educational records and those of others
  • Monitor your Official EKU Email for updates and further instructions

Faculty

  • Maintain FERPA compliance
  • Avoid discussing unverified information publicly
  • Route media inquiries appropriately
  • Remain flexible with students in assignment submission due to Canvas downtime
  • Continue using approved instructional systems
  • Monitor your Official EKU Email for updates and further instructions

Staff

  • Report phishing or social engineering attempts
  • Avoid redistributing institutional information
  • Use only official university communication channels
  • Escalate operational concerns appropriately
  • Monitor your Official EKU Email for updates and further instructions

Student Privacy and FERPA Guidance

Student educational records remain protected under federal law regardless of the circumstances surrounding a cybersecurity incident.

FERPA stands for the Family Educational Rights and Privacy Act of 1974, a U.S. federal law protecting the privacy of student education records.

Learn more about FERPA protections and information.

Learn more about FERPA information, reporting concerns, protected vs. direction information, and student, faculty, and staff responsibilities.

How to Protect Yourself

  • Use strong passwords
  • Do not reuse passwords across systems
  • Verify password reset requests directly through EKU IT
  • Be cautious of urgent or threatening emails
  • Never share credentials through email or text
  • Report suspicious communications immediately

Current Service Impacts

Institutional Updates

May 7, 2026 – 11:50 p.m. EDT
The issues impacting Canvas have been resolved. If you experience any issues while using Canvas, please contact the IT Service Desk.

Need Help or Need to Report Something?

EKU Information Technology
859-622-3000
helpdesk@eku.edu

FAQs

At this time, although Instructure Canvas is actively investigating, indications are that the information involved consists of certain identifying information of users at affected institutions, such as names, email addresses, and student ID numbers, as well as messages among users. Instructure has found no evidence that passwords, dates of birth, government identifiers, or financial information were involved. If that changes, we will notify any impacted students according to FERPA protocol.

At this time, Instructure Canvas has found no evidence that passwords have been compromised. If you wish to change your password, please follow Reset Your Password instructions.

  • Do not respond to emails, phone calls, text messages, or social media outreach claiming to represent the attackers or requesting payment, credentials, or personal information.
  • Do not click links or download attachments from unsolicited emails referencing “Canvas,” “Instructure,” password resets, account verification, or leaked data.
  • Do not share screenshots, records, course information, private messages, or alleged leaked materials publicly or on social media.
  • Do not attempt to investigate, download, redistribute, or access alleged stolen information if it appears online.
  • Do not share another student’s educational information or records.

If you receive an email that you suspect might be a scam or phishing email, there are several ways you can report it. 

At this time, although Instructure Canvas is actively investigating, indications are that the information involved consists of certain identifying information of users at affected institutions, such as names, email addresses, and student ID numbers, as well as messages among users. Instructure has found no evidence that passwords, dates of birth, government identifiers, or financial information were involved. If that changes, we will notify any impacted students according to FERPA protocol.

Under the Family Educational Rights and Privacy Act (FERPA), student educational records are protected by federal law. This includes information such as grades, class schedules, student identification numbers, advising records, and other non-public educational information.

Students should understand:

  • You have the right to privacy regarding your educational records.
  • Other students do not have the right to publicly share your protected educational information.
  • Even if information appears online or is circulated through unofficial channels, students should not repost, distribute, or disclose information related to another student.
  • Unauthorized sharing of protected educational information may violate university policy and federal privacy protections.

Official university updates regarding the Canvas incident will only be distributed through verified EKU communication channels.

Official university updates regarding the Instructure Canvas incident will only be distributed through verified EKU communication channels and this webpage.