Canvas cybersecurity breach impacting millions of students prompts alerts nationwide
Publish Date: 2026-05-07 20:23:00
Source Domain: www.ksbw.com
SALINAS, Calif. — A major cybersecurity breach has been reported for the online education platform Canvas, used by schools and universities across the country. Canvas is widely used, with tens of millions of users worldwide.
A threat message posted online by a group calling itself “ShinyHunters” claims it breached Instructure, the company behind the Canvas learning management system, and threatened to leak data tied to affected schools unless contacted by May 12, 2026. The threat message is also visible to some students when they log in to Canvas.
The message, which references “affected schools” and a file allegedly containing a list of institutions, has circulated online as schools across the country respond to the incident. The claims in the post have not been independently verified by KSBW 8, but multiple colleges and universities have confirmed they were notified of a security incident.
Schools across the Monterey Bay region are responding after Instructure, the company behind the Canvas learning management system, notified customers of an external security incident that may have exposed data from educational institutions worldwide.
Monterey Peninsula College told students and staff that its Canvas platform remains available and operational and said the college’s internal network was not affected by the incident.
“Instructure, the company that supports our Canvas learning management system and a provider to thousands of colleges and universities worldwide, has alerted customers to an external security incident,” MPC Information Technology Services said in a campus message. “At this time, MPC’s Canvas instance remains available and operational for Students and Faculty. Please note, MPC’s network was not impacted in any way by Instructure’s incident.”
The college said it is monitoring the situation and has taken proactive steps to confirm the security of its internal systems.
California State University, Monterey Bay, also alerted its campus community on Wednesday after receiving notice from Instructure that a threat actor accessed data stored on the company’s systems, affecting many institutions in the CSU system. According to CSUMB, the potentially exposed information may include names, email addresses, student ID numbers and user messages. The university said neither it nor Instructure can yet confirm whether any specific Cal State Monterey Bay individual’s data was included.
CSUMB said Canvas does not store passwords, Social Security numbers, financial information or dates of birth.
“Canvas remains fully operational, and there is no evidence of an ongoing threat,” the university said in its notice. “Instructure has contained the incident, remediated the vulnerability and continues to investigate in coordination with external forensic experts and law enforcement,” read a media release from CSUMB.
Both schools urged students and employees to remain alert for phishing emails and other suspicious communications in the wake of the incident.
UC Santa Cruz also notified its campus community that Canvas is currently offline as Instructure responds to what the university described as a nationwide security breach affecting thousands of institutions.
“Canvas, our campus learning management system, is currently offline. Instructure, the parent company of Canvas, is currently responding to a nationwide security breach affecting thousands of institutions,” UC Santa Cruz said in a campus message.
The university said it had proactively disabled local access points to further safeguard campus data.
In addition to the measures taken by Instructure, UC Santa Cruz urged students and staff to remain alert for phishing attempts and cautioned that the university will never ask for passwords, Social Security numbers, birthdates or bank account information through email, text or phone calls.
Both MPC and CSUMB also urged students and employees to remain alert for phishing emails and other suspicious communications in the wake of the incident.
MPC advised its community to be especially cautious during the busy month of May, warning that scammers may try to exploit stress and distraction. The college asked users to forward suspicious emails to [email protected] said password resets are not required at this time, but noted it would notify users if that guidance changes.
A Hartnell College student also reported issues related to Canvas.
KSBW 8 also sent a request for comment to various other colleges in the area.
Officials said updates will be shared as more information becomes available.
The list of impacted schools posted by the hackers also appeared to include several local institutions, including Monterey Peninsula College, California State University Monterey Bay, Hartnell College, Monterey County Office of Education, Big Sur Unified School District, Chualar Union School District, Gonzales Unified School District, Cabrillo College and Gavilan College, which serves the Hollister area.
The Monterey County Office of Education told KSBW 8 that it does not use Canvas or Instructure-based programs at its schools.
Updates on the status of Canvas can be found here. The CSU system has also established a status page.