Claim up to $1,250 in flight credits!
Get up to $1,250 in flight credits or grants toward study or internship programs abroad when you apply by June 30, 2026. See our Official Rules for full details.
Instructure Security Incident
Updates & FAQs
We are aware of a recent cybersecurity incident involving Canvas LMS, operated by Instructure.
The vendor has confirmed that data associated with CEA CAPA was accessed as part of this incident. Based on current information, this may include basic personal information such as names, email addresses, student IDs, and messages. There is no indication that passwords, financial information, government identifiers, or dates of birth were involved.
This incident occurred at the vendor level and does not involve a breach of CEA CAPA’s internal systems. We will update this page as more information becomes available.
Last Updated: 5/8/2026
Current Status
- The incident has been contained at the vendor level, and systems remain operational
- The vendor’s investigation is ongoing, with support from external forensic experts
- We are working to confirm the specific scope of impact to CEA CAPA users
Like many universities, we were notified as part of a broader incident affecting multiple institutions using Canvas.
What this means for you
At this time:
- There is no evidence of misuse of your information
- The primary risk is potential phishing or scam attempts using legitimate data
We recommend remaining cautious with unexpected or urgent communications.
What you should do
- Be cautious of emails or messages requesting personal information
- Do not click unfamiliar links or attachments
- Do not share your password or sensitive information via email
- Report suspicious messages to CEA CAPA
What we are doing
We are actively:
- Working with the vendor to confirm the full scope of the incident
- Monitoring for suspicious activity
- Reinforcing security controls across our systems
- Assessing legal and regulatory requirements
Frequently Asked Questions
If you don't see an answer to your question, you can send us an email at ITSecurity@ceastudyabroad.com.
A third-party vendor, Instructure, which operates Canvas, experienced a cybersecurity incident that impacted multiple institutions.
Basic personal data such as name, email address, student ID, and messages. No indication of passwords or financial data exposure.
No. This was a vendor-side incident.
We are working with the vendor to confirm the exact number and will provide updates.
There is no indication passwords were exposed. However, using strong passwords and enabling multi-factor authentication is recommended.