OCAD University is aware of a cybersecurity incident involving Instructure, the vendor that operates Canvas. This is a vendor-level incident affecting multiple educational institutions, and was not directed at OCAD University.
We are actively monitoring the situation and working to determine whether any OCAD U information was affected. At this time, Canvas remains available and operational, and students, faculty and staff may continue to use it.
What data was affected?
Based on information currently available from Instructure, information that may have been involved at affected institutions includes names, email addresses, student ID numbers and messages exchanged within Canvas.
Instructure has stated that it has not found evidence that passwords, dates of birth, government identifiers or financial information were involved. Its investigation is ongoing, and this assessment may change.
What to watch for
As a precaution, please be alert for phishing messages that claim to come from Canvas, Instructure or OCAD U, especially messages asking you to click a link, re-enter your password or provide personal information.
A reminder: OCAD University will never ask for your password by email, text, or phone.
We will provide updates if we learn that OCAD U community members are affected or if there are steps that students, faculty or staff should take.
If you receive a suspicious message, please report it to itsecurity@ocadu.ca via email.
