Dear Faculty and Staff:

This is to inform you of a recent cybersecurity incident involving Instructure, the vendor that provides Canvas, Cal Poly Humboldt’s learning management system. 

We have been informed that the threat actor accessed data from many educational institutions worldwide stored at Instructure’s site that likely included information from the CSU. Instructure is still confirming what data may have been exposed, but based on their preliminary assessment, it may include personal information such as names, email addresses, campus ID numbers, and user messages.  At this time, neither Instructure nor we can confirm whether any individual’s data Cal Poly Humboldt was included. Canvas does not store passwords, Social Security numbers, financial information, or dates of birth. 

Canvas remains fully operational, and there is no evidence of an ongoing threat. Instructure has contained the incident, remediated the vulnerability, and continues to investigate in coordination with external forensic experts and law enforcement. 

Out of an abundance of caution, we encourage all community members to remain vigilant for phishing or suspicious communications and to report any such activity to security@humboldt.edu.

Password resets are not required at this time; we will notify you if that guidance changes. 

We are continuing to work with Instructure to determine the full scope of impact and will provide updates, including resources for affected individuals, as more information becomes available at lts.calstate.edu/csu-canvas-incident-reports. If you have any questions or concerns, please contact ITS  Service desk at (707) 826-4357 or help@humboldt.edu.

 Sincerely,