Digital learning platform cybersecurity incident update

06 May 2026

Falmouth University concrete sign in front of glass building
Falmouth sign creative bridge
Back to News
Type: Text
Category:

Update: 8 May 2026

  • The registered email addresses confirmed as affected have been sent an email direct with details of the incident.

  • The digital learning system involved is called Canvas: users may know it as Learn, Falmouth Short Courses, Falmouth Flexible or Dime Online.  
  • Confirmation has been received from Instructure that no passwords, financial data or date of birth data was affected.

 

Incident FAQ

Who is affected? 

The incident is limited to Instructure’s Canvas platform and therefore affects students enrolled on our online undergraduate and postgraduate courses as well as short courses delivered remotely. On campus students are not affected unless they have also registered with Canvas for an online course. 

Have personal details been taken? 

At this stage, we understand the data affected may include names, registered email addresses, student ID numbers, and messages of past and current users, but does not include dates of birth, passwords or financial information. 

Have Falmouth University IT systems been breached? 

No. The incident relates to a third-party provider, Instructure and their Canvas platform which is used by the University as one of our digital learning platforms - users may know it as Learn, Falmouth Flexible, Falmouth Short Courses or Dime Online. 

Do staff and students need to change their passwords? 

No. We have taken proactive steps to review the platform and minimise the risk of further unauthorised activity. 

Does this mean there is a higher risk of cyber security threat? 

The nature of the incident infers that we should be extra vigilant of phishing attempts. As always, if you receive a suspicious email: 

  • Do not click on any links in the email
  • Do not reply to the email or contact the sender in any way
  • If you have clicked on a link in the email, do not supply any information on the website that may open
  • Do not open any attachments that arrive with the email
  • Report the email

 

Original Statement: issued 06 May 2026

We have been notified by the provider of one of our digital learning platforms of a global cybersecurity incident affecting a large number of education institutions worldwide.

The incident relates to Instructure’s Canvas platform used by the University and affects students enrolled on our online undergraduate and postgraduate courses as well as short courses delivered remotely through Canvas, not on-campus students.

Since being alerted by Instructure, which operates the Canvas platform, we have been working to establish the extent of the breach and its potential impact on our current and former students. We have also taken proactive steps to review the platform and minimise the risk of further malicious activity.

At this stage, we understand the data affected may include names, registered email addresses used to register on the platform and messages of past and current users, but does not include dates of birth or financial information.

We recognise that this situation may be concerning and want to reassure you that we are taking steps to make sure our services are secure.