Students at some universities and colleges across California — and the nation — are unable to access Canvas, the online learning management platform used for class assignments, tests, and more, amid an apparent large-scale data breach of the platform.
Read more Charge of assault on federal officer against Ontario man shot by ICE headed toward dismissal
Instructure, the company that manages Canvas, initially reported a cybersecurity incident involving a “criminal threat actor” on May 1. While the company has since taken steps to secure its systems, colleges using Canvas across the nation began reporting that the platform was inaccessible on Friday, May 7.
The California State University system, which serves more than 470,000 students at 23 campuses across the state, said on Friday that Canvas was down for all of its users at all campuses and at the CSU Chancellor’s Office, which is headquartered in Long Beach.
“Instructure is working diligently to gather more information and get systems restored,” the CSU wrote on its website. “This situation is fluid, and we are working with Instructure to determine the full scope of impact and will provide updates as soon as they are available.”
Instructure, in an incident report log posted on May 6, said that some information potential at risk on account of the security breach includes identifying information including names, email addresses, student ID numbers, and messages between Canvas users.
“At this time, we have found no evidence that passwords, dates of birth, government identifiers, or financial information were involved. If that changes, we will notify any impacted institutions,” the Instructure log said.
Read more CBP arrests 27 cruise line workers in San Diego as part of child sexual exploitation investigation
Some social media users posted online Friday, May 7, reporting that their access to Canvas had been blocked — and instead, they were shown messages from the apparent perpetrator of the attack, a group that identified itself as “Shiny Hunters.”
The message, apparently from Shiny Hunters, claims that it will release the data it obtained from affected schools on May 12, 2026, unless Instructure or any of the impacted schools “consult with a cyber advisory firm” and contact Shiny Hunters “privately” to “negotiate a settlement.”
It’s unclear whether University of California schools or California Community Colleges are impacted at this time.
Several colleges, including Santiago Canyon College, California State University Northridge, and other sent messages to students on Friday advising them about the situation.
Read more Final Orange County baseball standings: 2026 season
This is a breaking story. Check back for updates.