Security Services

Canvas Security Incident -

Frequently Asked Questions

What happened?

Skagit Valley College was notified by Instructure, the vendor that operates the Canvas learning management system, of a cybersecurity incident affecting portions of the Canvas platform used by institutions across the country.

Based on information currently available, certain SVC user information may have been involved in the incident.

Was Skagit Valley College hacked?

At this time, there is no indication that Skagit Valley College systems, networks, or infrastructure were compromised. The incident occurred within the third-party vendor environment used to provide Canvas services.

What information may have been involved?

According to information provided by the vendor, information that may have been involved includes:

  • Names
  • Email addresses
  • Student ID numbers
  • Messages exchanged within Canvas

The vendor has indicated there is currently no evidence that passwords, Social Security numbers, dates of birth, banking information, or other government-issued identifiers were involved.

Was financial aid information involved?

Based on the information currently available, there is no indication that financial aid information or Title IV federal student aid data was involved in this incident.

Should I change my password?

The vendor has stated there is currently no evidence that passwords were involved in the incident. However, it is always a good practice to use strong, unique passwords and update them periodically. If you use the same password across multiple systems or services, changing those passwords may be advisable.

What should I watch out for?

Incidents of this nature may increase the likelihood of phishing attempts, fraudulent emails, text messages, or other scams that attempt to appear legitimate.

Please use caution when:

  • Opening unexpected emails or attachments
  • Clicking links requesting login credentials or personal information
  • Responding to urgent requests for sensitive information
  • Receiving unexpected communications related to Canvas, coursework, or institutional business

How can I identify a phishing attempt?

Common warning signs include:

  • Messages creating a sense of urgency
  • Requests for passwords or personal information
  • Unexpected links or attachments
  • Misspellings or unusual formatting
  • Sender email addresses that do not match the organization they claim to represent

Skagit Valley College will never request passwords, Social Security numbers, banking information, or multifactor authentication codes through unsolicited email, phone calls, or text messages.

What should I do if I receive a suspicious email or message?

Do not click links or open attachments. Please report suspicious communications to the SVC Information Technology department or designated reporting channel.

What is the college doing in response?

The college is actively:

  • Reviewing information provided by the vendor
  • Assessing applicable legal and regulatory obligations
  • Coordinating with appropriate partners and agencies as necessary
  • Monitoring for potential phishing or scam activity
  • Providing updates to the college community as appropriate

How will I know if additional information becomes available?

The college will continue providing updates through official Skagit Valley College communication channels as appropriate. Please rely on official SVC communications for accurate and current information regarding this incident.

Who can I contact if I have questions or concerns?

The college is establishing a centralized process for addressing questions and concerns related to this incident. Additional contact information and reporting resources will be shared with the community as they become available.