May 8 2026
Santa Clara University has been informed by Instructure of a security breach involving Canvas LMS, which we call Camino.
At this time, names, email addresses, ID numbers, and messages between Camino users are known to be involved. SCU is still waiting for additional clarification from the vendor about other data that may have been involved.
Social Security numbers, government ID numbers, and financial data are not stored in Camino and are not involved in this incident. SCU passwords are also not involved.
SCU is monitoring the situation and will update the campus community as we learn more.
Be Alert for Phishing Attempts
Students, faculty, and staff should be extremely cautious of any emails, webpages, or messages referencing:
- Camino or Canvas security
- SCU account security
- Password resets or account verification
- Urgent requests to log in, confirm information, or click a link
Attackers often take advantage of real security incidents to trick people into clicking malicious links or entering login credentials on fake webpages. If you receive a suspicious message, report it using Gmail's built-in "report phish" option, or forward to report-phish@scu.edu.
Official Updates
Official updates about this incident can be found through:
- This page
- Instructure’s Security Incident Update page
- Communications from SCU’s Chief Information Security Officer.
SCU will continue to monitor the situation and provide updates as more information becomes available.