Bellevue College Impacted by Canvas Security Incident
May 7, 2026Bellevue College is sharing information on a security incident involving Canvas, the learning management system used at our college and at colleges across the country.
Bellevue College is sharing information on a security incident involving Canvas, the learning management system used at our college and at colleges across the country.
Instructure — the company that operates Canvas — recently notified Bellevue College that an unauthorized third party obtained data associated with our Canvas environment. This incident was not specifically directed at Bellevue College. Instructure serves many institutions, and this appears to be a vendor-driven incident affecting multiple education customers. Instructure has stated that the broader incident affected many institutions in the United States.
Federal law enforcement, including the FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA), has been notified by Instructure.
What was involved at our college: Based on the information Instructure has provided to us so far, the data involved may include personal information; however, Instructure has not yet provided the exact data elements or affected user count for our college. Instructure has stated publicly that, across the broader incident, names, email addresses, ID numbers, and user-to-user Canvas messages were potentially involved. We have asked Instructure to confirm specifically what was involved, including whether Canvas messages were affected and how many users were impacted, and we will share additional information as we receive it.
What was reportedly not involved: Instructure has stated that there is no indication that passwords, dates of birth, Social Security numbers, or financial account information were involved. If Instructure’s findings change, we will update affected community members.
What we are doing: Bellevue College is working with the State Board for Community and Technical Colleges (SBCTC), to press Instructure for additional information about what was specifically involved at our college. We will provide further updates on this page as additional confirmed information becomes available.
Instructure has indicated that organization-specific resources, including identity-protection services for affected individuals, may follow. We will share details as they become available.
Anyone with questions can contact servicedesk@bellevuecollege.edu. Out of an abundance of caution, members of our community are encouraged to be alert to phishing attempts or unexpected messages requesting personal information.