Cyber Incident Victim: California Community Colleges
Date:
May 2026
Location:
United States of America
Summary
A cyberattack on the Canvas learning management system by the group ShinyHunters locked out students and faculty across California’s universities, colleges, and K-12 schools, preventing access to lectures, assignments, and exams. The breach exposed emails, student identification numbers, and internal Canvas messages but did not compromise Social Security numbers, financial data, or passwords, while the attackers demanded a settlement to avoid releasing the stolen information. Affected institutions, including the California Community Colleges, the University of California, and California State University, gradually restored services while advising caution against phishing attempts and noting that no ransom payment was confirmed.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 3 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On May 1, Instructure notified schools of a problem with the Canvas learning management system, and by May 8 the attack had entered its second day, locking thousands of California students out of online lectures, exams and assignment submissions needed for finals. The breach affected the University of California, California State University, the state’s 116 community colleges and numerous K‑12 schools, compromising emails, student identification numbers and internal Canvas messages while leaving Social Security numbers, financial data and passwords untouched. Attackers identifying themselves as ShinyHunters posted a message on Canvas stating that they had breached Instructure again and would release the data unless schools contacted them privately to negotiate a settlement, giving a deadline of May 12. Many users who refreshed the login screen saw the ransom note displayed across their screens, preventing further access to the platform. The disruption coincided with the week before finals, a period described as “Dead Week” at UC Berkeley when classes are suspended for exam preparation.

Students expressed immediate concern over both academic progress and personal data security; UC Berkeley computer science major Adrian Segura said the stress stemmed less from missing assignments and more from fear that his information would be leaked, noting that he habitually enters a false date of birth unless legally required. Graduate student Jesse Martinez of San Francisco State reported being unable to submit the documentation required for a year‑end project due Friday, jeopardizing his graduation timeline less than two weeks away. Microbiology student Chiara Vinzoni described the atmosphere as panicked, saying the timing of the attack during finals week was extremely frustrating. Instructors scrambled to find alternative ways to share study materials, with one UC Berkeley graduate instructor planning to use a Google Drive but lacking a means to mass‑email the link without Canvas. The inability to communicate through the platform forced many educators to rely on ad‑hoc methods such as direct emails or file‑sharing services to reach students.
In response, the University of California characterized the breach as contained and remediated but said it was making risk‑based decisions about restoring Canvas access, while UC Berkeley’s notice by 2 p.m. on May 8 stated that Canvas had largely been restored and final exams would proceed as scheduled. The California State University system reported that its Canvas services were back online but, in an abundance of caution, had not yet fully reintegrated campus systems or data connections with the platform. The statewide community college office, through technology executive Jory Hadsell, advised colleges to remain alert to potential phishing or scam attempts stemming from the incident. Neither UC nor CSU officials publicly confirmed whether they had paid any ransom demanded by the attackers. By Friday afternoon, Canvas appeared to be slowly coming back online across California’s schools, colleges and universities, allowing limited resumption of academic activities.
