McMurry University Monitoring Canvas Cybersecurity Incident

Published: May 6, 2026

McMurry University is monitoring a global cybersecurity incident involving the university’s learning management system provider, Canvas.

On May 1, 2026, Instructure, the parent company of Canvas, notified McMurry University administrators that it was investigating a security incident involving unauthorized access to certain systems. According to Instructure, a threat actor may have accessed data stored within those systems.

On May 5, 2026, Instructure informed McMurry University that data routinely shared with Canvas for the purpose of associating students and instructors with courses may have been accessed as part of the incident.

At this time, Instructure has indicated there is no evidence that passwords, dates of birth, government-issued identification numbers, or financial information were involved in the unauthorized access. Instructure has stated that if additional indicators of exposure are identified, impacted institutions will be notified promptly.

Instructure has engaged law enforcement and independent cybersecurity forensic experts to investigate the scope and impact of the incident and is taking corrective measures to strengthen system security.

McMurry University continues to monitor this developing situation closely and is working with its risk management and cybersecurity partners to evaluate any institutional obligations related to the incident.

At this time, no action is required from McMurry University students, faculty, or staff.

Cybersecurity Best Practices

McMurry University encourages all members of the campus community to practice good cybersecurity hygiene, including:

  • Be cautious of unexpected emails, text messages, or phone calls requesting personal information or urgent action
  • Do not click on unfamiliar links or open unexpected attachments
  • Never share login credentials, usernames, or passwords
  • Report suspicious emails or messages to the IT Helpdesk
  • Forward phishing or suspicious messages to phishing@mcm.edu

Updates will be posted to this page as additional information becomes available.

Last Updated: May 6, 2026