Following a thorough security review conducted by the Chancellor's Office, the California Community Colleges Security Center, and our Foothill-De Anza Community College District security team, Canvas access has been restored. 

What happened 

The vulnerability behind yesterday's incident has been remediated. The "pay or leak" message users received was an extortion attempt carried out through a class of external "Free-for-Teacher" accounts, which have been shut down. Instructure has confirmed that the attacker did not access core Canvas functionality and made no changes to user data, grades, or course content. 

Logging back in 

Faculty and staff should log in through MyPortal as usual. Multi-factor authentication (MFA) is required for all faculty and staff accounts. Please validate that your login experience looks normal and report anything unusual. 

Ongoing phishing risk — please read 

While Canvas itself is now considered safe to use, the earlier incident did involve exfiltration of some user data. That data may be used to craft targeted phishing emails or social engineering attempts that reference Canvas. Please: 

• Be skeptical of any unsolicited message referencing Canvas, your account, or personal information 

• Do not click links, open attachments, or respond to messages that seem off 

• Report suspicious emails or account activity at https://helpdesk.fhda.edu/ 

 Ongoing updates remain available at https://ets.fhda.edu/incidents/. 

For faculty and staff teaching hybrid or fully online courses, both college’s Online Learning Teams hosted two open forums. You can view the recordings below:

 

Thank you for your patience throughout this disruption.