Request Information
Ready to find out what MSU Denver can do for you? We’ve got you covered.
Have Questions? We have answers.
Contact Us
Latest Updates
Updated May 8, 2026
To help the Roadrunner community stay informed and protected, MSU Denver shares timely updates about known cyberattacks and data breaches that may affect our students, faculty, and staff. While these incidents often originate outside the University, we post relevant information to help community members take appropriate steps to safeguard their personal information.
Information is updated on a regular basis and incident specific information is archived one year after first notice.
ALERT: Canvas Access Restored - May 2026
Last update: 5/8, 9:55 a.m.
Canvas access has been restored following a nationwide outage caused by a cyberattack that affected Instructure, the learning-management-system provider.
Students, faculty and staff members can now log in and resume use of the platform. Instructure has stated there is no evidence that passwords, dates of birth, government identifiers or financial information were involved. The University will continue to monitor the situation closely in coordination with Instructure.
Be aware that cybercriminals may attempt to exploit this incident by sending phishing emails. Only trust communications from official MSU Denver sources, and do not open or respond to messages from external senders referencing this issue. For more information on how to identify phishing scams, please review this article.
If you observe any suspicious activity or have concerns related to your account, please contact Information Technology Services at 303-352-7548 or the ITS service portal.
Faculty members will provide guidance to students on coursework, assignments and any adjustments related to the disruption. Students should check their University email and Canvas courses for updates.
We appreciate your patience as we worked to ensure the system was secure before restoring access.
ALERT: Canvas Security Incident - May 2026
MSU Denver is aware of a cybersecurity incident reported by Instructure, the company that operates Canvas.
What we know:
- Instructure reports the incident is contained.
- Preliminary affected data includes names, email addresses, student IDs, and Canvas messages. No passwords, financial data, or government IDs are believed to be involved.
- Instructure has confirmed that MSU Denver’s Canvas environment was involved, and that some data has been exposed. The data involved appears to include personal information. At this time, they have found no indication that passwords, dates of birth, government identifiers, or financial information were involved.
What we’re doing:
We are actively monitoring Instructure’s updates and assessing any potential impact to our community. If MSU Denver is confirmed as affected, we will notify impacted individuals promptly and in accordance with applicable privacy requirements.
What you can do now:
Incidents like this are often followed by phishing attempts. Be cautious of unexpected emails asking you to verify your account, reset your password, or click unfamiliar links, even if they appear to come from Canvas, Instructure, or MSU Denver. When in doubt, do not click. Report anything suspicious to ITS before taking action.
Report suspicious emails or activity: IT Service Desk 303-605-7000
Learn more about how to report spam or phishing.
Workday Breach Notification – August 2025
The MSU Denver ITS team was made aware of a data breach in association with our vendor Workday (this was not a breach of MSU Denver systems). Workday was a victim of social engineering that led to a breach of their Salesforce Customer Relationship Management (CRM) platform. This breach does not include sensitive MSU Denver HR information held within Workday itself.
300 MSU Denver employees had some non-sensitive information (MSU Denver email addresses and phone numbers) exposed during this breach; all have been notified by ITS separately.
Stay diligent by identifying common signals of phishing. These include but are not limited to:
- Email address mismatch (the sender name might look familiar, but the actual email address is off)
- Generic greetings (“Dear Customer” instead of your name)
- Urgent or Threatening Language
- Claims like “Your account will be suspended”
- Pressure to act quickly without time to think
- Unusual Links or Attachments
- Links that don’t match the legitimate domain (hover to preview before clicking)
- Unexpected attachments, especially, .exe, .zip, or .scr files
- Use of a trusted service but from an unknown sender (e.g. SharePoint links)
Learn more by reading Workday’s article, Protecting You From Social Engineering Campaigns: An Update From Workday.
Email Account Security Incident - January 2025
On January 4, 2025, MSU Denver became aware of a cybersecurity incident that impacted a limited number of accounts in their email environment. Upon becoming aware of the incident, MSU Denver promptly changed passwords and engaged leading privacy professionals and data security experts to assist in an investigation. No evidence was found revealing misuse of personal information for identity theft or fraud.
This was a cybersecurity incident involving unauthorized access to certain MSU Denver email accounts. While the incident was limited in scope, we take all unauthorized access seriously and are working diligently to prevent any further unauthorized or suspicious activity.
The findings of the investigation revealed that the personal information of some MSU Denver students was impacted. The specific data elements vary for each individual. Individuals whose information was involved will receive a formal notification letter by mail with additional details and steps they can take to protect their personal information.
After discovering the incident, MSU Denver took action to secure the compromised accounts and prevent further unauthorized access by changing passwords and engaging data security and privacy professionals to assist in an investigation.
If your information has been impacted, you will receive a formal notification letter in the mail providing additional information regarding this incident. Further student questions can be directed to [email protected].
Information Security at MSU Denver
- Monitor Your Accounts: Regularly review your bank statements, credit reports, and insurance statements for any unusual activity. If you notice anything suspicious, promptly report it to your financial institutions.
- Use Strong Passwords and Account Security: Update your online accounts with unique and strong passwords. Enable multi-factor authentication wherever possible.
- Be Wary of Suspicious Emails or Communications: Stay vigilant against phishing attempts and suspicious emails or messages. Do not click on any links or provide personal information unless you are certain of the source’s authenticity.
- Fraud Alerts: Consider placing a free fraud alert on your credit file. A fraud alert tells creditors to contact you before they open any new accounts or change your existing accounts. When one credit bureau confirms your fraud alert, the others are notified to place fraud alerts. The initial fraud alert stays on your credit report for one year.
- Credit Freezes: Consider placing a credit freeze with major credit bureaus. This will add an extra layer of security and make it harder for anyone to open new accounts using your information.
- Contact any one of the three major credit bureaus to place an alert or credit freeze.
- Equifax: equifax.com/personal/credit-report-services or 1-800-685-1111
- Experian: experian.com/help or 1-888-397-3742
- TransUnion: transunion.com/credit-help or 1-888-909-8872
Learn more about proactive steps you can take at www.identitytheft.gov/databreach.
MSU Denver has a solid security program in compliance with applicable data privacy and security standards. We leverage multi-factor authentication, data encryption, and security event and incident management tools. The University also performs regularly scheduled assessments, among other security measures.