UPDATED: May 12, 2026
As of the morning of May 8, Instructure (the company that operates Canvas) has announced that they are fully back online and available for use. This allows instructional activities at YVC to resume.
On May 11, Instructure that it reached an agreement with the unauthorized actor involved in this incident. As part of that agreement, Instructure stated data was returned and it received digital confirmation of data destruction (shred logs). At this time, YVC has not received information specific to our institution about data that was compromised. The college continues to monitor the situation and its potential impact and will update you as more information becomes available.
What happened: On May 5, Instructure — the company that operates Canvas, the learning management system used at our college and at colleges across the country — notified Yakima Valley College that an unauthorized third party obtained data associated with our Canvas environment. This incident was not specifically directed at Â鶹ÊÓƵ. Instructure serves many institutions, and this appears to be a vendor-driven incident affecting multiple education customers. Instructure has stated that the broader incident affected many institutions in the United States. Instructure has reported that the attack occurred on April 25, 2026; that the company detected the attacker on April 29; and that access was revoked and the underlying vulnerability was addressed on April 30. Federal law enforcement, including the FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA), has been notified by Instructure.
What was involved at our college: Based on the information Instructure has provided to us so far, the data involved may include personal information; however, Instructure has not yet provided the exact data elements or affected user count for our college. Instructure has stated publicly that, across the broader incident, names, email addresses, student ID numbers, and user-to-user Canvas messages were potentially involved. We have asked Instructure to confirm specifically what was involved, including whether Canvas messages were affected and how many users were impacted, and we will share additional information as we receive it.
What was reportedly not involved: Instructure has stated that there is no indication that passwords, dates of birth, Social Security numbers, or financial account information were involved. If Instructure’s findings change, we will update affected community members.
What we are doing: Â鶹ÊÓƵ is working with the State Board for Community and Technical Colleges (SBCTC), to press Instructure for additional information about what was specifically involved at our college. We will provide further updates on this page as additional confirmed information becomes available.
Information for our community: Anyone with questions can contact the YVC Help Desk at HelpDesk@yvcc.edu or 509-574-4717. Out of an abundance of caution, members of our community are encouraged to be alert to phishing attempts or unexpected messages requesting personal information.