
Canvas Restored After Breach, but Some California Campuses Remain Blocked

Learn how the Canvas cyberattack disrupted California campuses, what data was exposed, and what defenders should do next.

Peter Olaleru/3 min/US

Cybersecurity Editor

BERKELEY, CA, FEBRUARY 19, 2026: A student is reflected in a rain puddle while passing by Sather Gate at the University of California, Berkeley on Thursday, February 19, 2026. (Christina House / Los Angeles Times)
Source: Latimes (original source)

Canvas was restored after a major breach, but several California campuses kept the platform blocked as the threat lingered. The attack exposed personal data and triggered extortion demands with a May 12, 2026 deadline.

Context

On Thursday, during finals preparation, Instructure’s Canvas learning management system went offline after a cyberattack. Students and professors at UC, Cal State, Stanford, USC and California community colleges lost access to coursework, assignments and discussion boards. By Friday, Instructure announced the platform was back online, yet many California institutions kept it blocked while they assessed residual risk.

Key Facts

- Instructure reports that roughly 8,000 institutions worldwide rely on Canvas for teaching and learning.
- Professor May‑lee Chai of San Francisco State said she received panicked emails from undergraduates and told them, “Don’t try to upload anything to Canvas.”
- The breach exposed names, email addresses, student ID numbers and private messages; passwords, dates of birth, government identifiers and financial data were not taken, according to the company.
- The hacking group ShinyHunters claimed responsibility, threatening to leak all Canvas data unless their demands were met by May 12, 2026.
- ShinyHunters is known for extortion, using social engineering—such as tricking help‑desk staff into believing they are locked‑out users—to gain entry to large databases.
- Instructure notified the FBI and the Cybersecurity and Infrastructure Security Agency about the incident.

What It Means

The incident shows how reliance on a single third‑party ed‑tech provider can create a high‑value target that disrupts hundreds of thousands of users when compromised. While the core platform resumed operation, the continued blocks at some campuses reflect ongoing concerns about data integrity and the possibility of follow‑on phishing or impersonation attacks using the stolen information. Security teams should review third‑party access logs, enforce multi‑factor authentication for all administrative accounts, and monitor for anomalous help‑desk requests that could signal social‑engineering attempts. Applying the principle of least privilege and segmenting authentication services can limit lateral movement if credentials are compromised. Watch for any updates from Instructure on patch releases, further threat‑actor communications, and whether additional California campuses lift their Canvas restrictions in the coming days.
