CALIFORNIA — Students at some universities, colleges and K-12 school districts across the nation are unable to access Canvas, the online learning management platform used for class assignments, tests, and more, amid an apparent large-scale data breach of the platform.
Instructure, the company that manages Canvas, initially reported a cybersecurity incident involving a “criminal threat actor” on May 1. While the company has since taken steps to secure its systems, colleges using Canvas across the nation began reporting that the platform was inaccessible on Thursday, May 7.
The California State University system, which serves more than 470,000 students at 23 campuses across the state, said on Thursday that Canvas was down for all of its users at all campuses and at the CSU Chancellor’s Office, which is headquartered in Long Beach.
“Instructure is working diligently to gather more information and get systems restored,” the CSU wrote on its website. “This situation is fluid, and we are working with Instructure to determine the full scope of impact and will provide updates as soon as they are available.”
Instructure, said that some information potential at risk on account of the security breach includes identifying information including names, email addresses, student ID numbers, and messages between Canvas users.
“At this time, we have found no evidence that passwords, dates of birth, government identifiers, or financial information were involved. If that changes, we will notify any impacted institutions,” the Instructure log said.
Some social media users posted online Thursday, May 7, reporting that their access to Canvas had been blocked — and instead, they were shown messages from the apparent perpetrator of the attack, a group that identified itself as “Shiny Hunters.”
The message, apparently from Shiny Hunters, claims that it will release the data it obtained from affected schools on May 12, 2026, unless Instructure or any of the impacted schools “consult with a cyber advisory firm” and contact Shiny Hunters “privately” to “negotiate a settlement.”
None of the impacted colleges or universities, nor Instructure, have confirmed the identity of the perpetrator of the attack as of around 4 p.m. on Thursday, May 7.
California Community Colleges have also advised that some of their Canvas users have reported receiving emails from the hacker group, and advising anyone who has received the email to ignore it.
“The email claims hackers have been monitoring the user’s activity on web browsers and seeks payment in Bitcoin within 48 hours to have any compromising information deleted,” the CCC said on its website. “This is a scam and anyone receiving such a message should delete it immediately. Do not click on any links, open any attachments, download files, or respond.”
University of California campuses also appear to be impacted by the cybersecurity incident.
Maryam Qazi, a UC Irvine student studying art history, was in an afternoon class when her professor alerted her to an “issue” with Canvas.
“I tried to open Canvas, but itap just inaccessible, you just can’t open it,” Qazi said. “The whole campus is going through it. Everyone is talking about it.”
For UCI students, who operate under the quarter system, “we are just finishing up midterm week, so there’s still stuff needing to be done,” she added.
This is a breaking story. Check back for updates.
