Message from the OCISO:

Instructure/Canvas Security Incident Update

Instructure has reported a cybersecurity incident involving certain Canvas user data, including names, email addresses, student ID numbers, and user messages. At this time, there is no indication that passwords, dates of birth, government identifiers, or financial information were involved. While UCLA has not received notice of confirmed UCLA-specific data exposure, students, faculty, and staff should remain alert for phishing attempts, fake login pages, scams, and other social engineering activity that may leverage awareness of this incident.

Recommended Actions

• Use only official UCLA or Canvas links to access Bruin Learn. Avoid entering credentials into unfamiliar or suspicious login pages.
• If a login page appears unusual, broken, or different from what was expected, stop and wait for official guidance instead of repeatedly retrying passwords.
• Be cautious of emails, texts, Discord/Instagram messages, or posts claiming urgent action is required related to coursework, grades, exams, account access, refunds, or financial aid.
• Do not trust “workarounds” or alternate login links shared on Reddit, Discord, social media, or group chats during the incident.
• Never approve unexpected Duo prompts or share passwords, MFA codes, or personal information.
• Change any reused passwords used on non-UCLA services and ensure multifactor authentication is enabled where available.
• Protect your student ID number and monitor your university email and student accounts for unusual activity.
• Do not search for, download, or share alleged leaked data.
• Consider using 1Password for accessing Bruin Learn and Canvas, and help ensure your credentials are protected from fake login pages. Link to sign up.

What to Report

Please report suspicious emails, fake login pages, phishing attempts, unexpected Duo prompts, unauthorized account activity, or urgent requests for passwords, MFA codes, payment, or personal information to security@ucla.edu.

The university will continue monitoring the situation and will provide updates as more verified information becomes available. Please remain vigilant, use official university systems and communications, and exercise caution with unexpected requests or login prompts during this period.