Several colleges and universities in Michigan are reviewing the impact of a cyberattack involving the learning management platform Canvas after the company behind the service confirmed that user information had been exposed.

Instructure, the company that owns Canvas, said it detected the breach on April 29. The platform is widely used by schools and colleges across the United States to manage coursework, assignments, communication and grading. Among the institutions affected was Jackson College.

According to the company, the exposed information included names, email addresses, student ID numbers and private messages connected to Canvas accounts. Instructure said there is currently no evidence that passwords, birth dates, government identification numbers or financial information were accessed during the incident.

The breach has raised concerns across higher education systems already dealing with increasing cybersecurity threats tied to online learning platforms and cloud-based services.

Tom Holt, a criminal justice professor at Michigan State University, said institutions have become deeply dependent on outside digital service providers, creating broader risks when a platform is compromised.

“It gets exponentially worse every year. And it’s probably just going to continue to happen because we are so dependent on different online service providers,” Holt said.

Holt also urged users to pay closer attention to how they manage passwords across different accounts, warning against reusing the same credentials on multiple platforms.

“The one thing that you can do is be more cognizant of the passwords that you might use. Are you using the same one across multiple platforms? So as an example, if your bank account password is the same as your Canvas password — well, then you should really change one of those quickly,” he said.

Jackson College said students should remain alert for suspicious emails, text messages or messages sent through Canvas, particularly anything requesting login information or account verification.

Holt noted that phishing attempts are often linked to large-scale breaches involving institutional systems.

“Most data breaches of large organizations start either through some kind of compromised phishing or other kinds of means to get inside,” he said.

The timing of the disruption varied among schools. Jackson College was between semesters when the breach occurred, limiting immediate academic disruption there. Other institutions reportedly experienced Canvas outages during final exams, affecting access to coursework and communication tools.

Instructure said Canvas services have since been restored and are operational again, though some schools were still experiencing technical issues as of Friday. The company advised affected users to contact their institutions directly for updates and guidance related to the breach.

May You Like:

Snapseed 4.0 Android Release Follows Renewed Interest In Google’s Photo Editor

For many students and educators, the incident has become another reminder of how central online systems have become to daily academic life, and how disruptive security failures can be when those systems are interrupted.