Update: 12 May 2026
TasTAFE has been advised by Instructure (the Canvas system provider) that it has reached an agreement with the threat actor involved in the recent cyber incident, and that the data set has been returned to Instructure.
Investigations into the data breach are continuing, including by Instructure and cyber security authorities. As part of this process, TasTAFE will continue to work through relevant privacy and reporting obligations.
While this development represents an update in the response to the incident, it does not change previous advice.
Staying vigilant
We encourage all students and staff to remain alert to potential scams or unusual activity.
You should:
- be cautious of unexpected emails, messages or phone calls asking for personal information
- avoid clicking links or downloading attachments unless you are confident they are legitimate
- not respond to unsolicited contact about this incident
The Australian Government also recommends taking simple steps to strengthen your online security:
- enable multi-factor authentication where available
- use strong, unique passphrases for each account
- keep your devices and software up to date
By incorporating these simple steps into your daily online activity, you can significantly improve your personal cyber security.
You can find more information about staying secure online at cyber.gov.au and scamwatch.gov.au.
If you believe you have been impacted by cybercrime, you are encouraged to report it via ReportCyber at cyber.gov.au.
TasTAFE will continue to work closely with Instructure, the National Office of Cyber Security and other partners and will provide further updates as more information becomes available.
Update: 11 May 2026
Canvas outage – cyber security incident update
Canvas will be available to staff and learners from 1pm today.
This follows advice from Instructure (the system provider) that it is safe to restore access, based on independent cyber security assurance.
We thank our staff and learners for their patience while access to the system was temporarily unavailable.
Investigations into the incident are ongoing. While TasTAFE has been identified as impacted, there is currently no evidence that passwords, financial information or dates of birth have been accessed.
TasTAFE continues to work closely with Instructure, cyber security authorities and other jurisdictions to understand the incident and minimise any ongoing risk.
Staying vigilant
Even though Canvas is now safe to access, it’s important to remain alert to any unusual or suspicious activity.
- Be cautious of unexpected emails, messages or phone calls requesting information or urgent action
- Avoid clicking links or downloading attachments unless they are confident the source is legitimate
- Never share personal or sensitive information in response to unsolicited contact
TasTAFE will never ask for passwords or sensitive personal information via phone or email.
Reporting
All Australians are encouraged to report cybercrime or suspicious activity to ReportCyber at www.cyber.gov.au.
Update: 8 May 2026
Canvas outage – cyber security incident update
TasTAFE has been notified of a global cyber security incident affecting Canvas, an online learning platform used to support the delivery, management and tracking of training.
As of this morning (Friday 8 May), Canvas is currently unavailable to staff and learners. This is due to the ongoing incident, and TasTAFE is urgently seeking an update from the system provider, Instructure. At this stage, there is no confirmed timeframe for when access will be returned to users.
Investigations commenced immediately and are ongoing. While TasTAFE has been identified as being impacted, the specific nature and extent of any impact remains subject to further advice from Instructure.
At this time, there is no evidence that passwords, financial information or dates of birth have been accessed.
TasTAFE is continuing to work closely with Instructure, as well as cyber security authorities and other Australian jurisdictions, to understand the extent of the incident and minimise its impact.
If it is identified that any personal or sensitive information has been affected, TasTAFE will work with relevant parties to ensure those affected are notified and supported.
Staying vigilant
While investigations continue, there is an increased risk of phishing or scam activity using compromised contact information.
We encourage staff and learners to:
- Be cautious of unexpected emails, messages or phone calls requesting information or urgent action
- Avoid clicking suspicious links or downloading attachments unless the source can be verified
- Not share personal information in response to unsolicited contact
TasTAFE will never ask for passwords or sensitive personal information via phone or email.
A further update will be provided on Monday, 11 May 2026.
Update: 7 May 2026
Protecting yourself online
As part of this cyber security incident, we encourage all individuals to take simple, proactive steps to protect their personal information and online accounts.
The Australian Government recommends three key actions to strengthen your online security:
- Set up multi-factor authentication (MFA) wherever available to add an extra layer of protection to your online accounts.
- Use strong, unique paraphrases (14 or more characters) for each account.
- Install software updates regularly to help keep your devices secure.
By incorporating these simple steps into your everyday online activity, you can significantly improve your personal cyber security. More information is available at Act Now. Stay Secure – What are you risking online?.
Be alert to scams
Following any cyber incident, it is important to remain vigilant.
- Be cautious of unsolicited calls, emails or messages.
- If contacted unexpectedly, hang up and call back using a phone number you have sourced independently.
- It is recommended that you do not respond to unsolicited contact in relation to this incident.
You can learn more about protecting yourself from scams via the National Anti-Scam Centre at www.scamwatch.gov.au.
Reporting
All Australians are encouraged to report cybercrime or suspicious activity to ReportCyber at www.cyber.gov.au.
Update: 6 May 2026
Information for staff and students
TasTAFE is aware of a cyber security incident affecting Canvas, the learning management system operated by Instructure and used to support teaching and learning.
What has happened
- On 2 May 2026, Instructure reported a cyber security incident affecting its Canvas Learning Management System, which is used globally by education providers.
- Instructure took immediate action to address the incident and has engaged external cyber security and forensic specialists.
- On 6 May, Instructure advised that a criminal third party has accessed data associated with some customer accounts, including TasTAFE.
- This incident relates to Instructure’s systems and is not the result of a breach of TasTAFE’s own systems or processes.
What information may be involved
- Based on current advice from Instructure, the data involved may include some personal information, including content stored within Canvas such as messages.
- There is no indication that passwords, dates of birth, government identifiers, or financial information were involved.
Impact on learning and teaching
- Canvas remains online and operational. There is no impact to teaching or learning at this time.
- Staff and students can continue to use Canvas as usual.
What TasTAFE is doing
- TasTAFE is working closely with Instructure and relevant authorities as investigations continue.
- Instructure has engaged external cyber security and forensic specialists and is actively investigating the incident.
- We are maintaining close oversight and will continue to update our community as more information becomes available.
What you need to do
- At this stage, there are no specific actions required.
- If this changes, we will provide clear guidance.