At Instructure, transparency is a priority, which is why we want to share an update about a recent security issue involving one of our third-party providers. We recently identified that Instructure was targeted in a social engineering attack, similar to other companies, that involved our Salesforce instance. No Instructure products or product data were accessed. The data was largely publicly available business information, such as business names and contact details. We moved quickly to contain the activity and conducted a thorough investigation, supported by outside security experts, including notifying federal law enforcement. Subsequently, we have implemented additional security measures to help prevent similar incidents in the future.

We are committed to communicating openly about anything that could impact our customers and will continue to share updates as we are able. You can find more information on our approach to security and privacy at Instructure’s Trust Center.