Canvas hack strands students during finals week as UC and CSU systems monitor breach

Students attempting to access grades, study materials and quizzes were met instead with a message from a hacker on Thursday, as a widespread breach hit universities and high schools across the country, including the University of California and California State University systems.

The attack targeted Canvas, a cloud-based digital hub for classrooms. UC and Cal State officials said they are monitoring the situation and gathering information as Instructure, the company behind Canvas, works to restore service. UC Berkeley said it was not directly targeted.

UPDATE: Canvas system back online after cyberattack disrupted thousands of schools

Universities and school systems across the country, from the University of Pennsylvania to Georgetown University to the the University of Oklahoma, reported a ransom note on the homepage of their schools' Canvas sites.

UC Berkeley sent a community-wide email instructing its students not to access Canvas until further notice: "We recognize this significant disruption affects teaching and learning across campus. Students should await instructions from their instructors regarding temporary arrangements for submitting assignments and accessing course materials."

Acalanes Union High School District sent a communitywide email informing families about a cybersecurity incident that disabled the Canvas platform. The district also reminded users, "Do not respond to suspicious emails, texts or login requests, do not share passwords or verification codes, and ignore unexpected account access requests."

Half of all college and university students in North America use Canvas or Canvas Career, parent company Instructure claims on its website, with more than 8,000 institutions as customers. Many of those students are in the middle of a busy spring finals week.

This is the second data breach this month among schools and universities. Hacking group ShinyHunters claimed responsibility for both attacks. In the note, reported by different student news outlets, the group demanded ransoms to prevent further data leaks.

"ShinyHunters has breached Instructure (again)," read a warning on a University of Washington student's account around noon PT, which was seen by CNN. "Instead of contacting us to resolve it they ignored us and did some 'security patches.'"

Instructure said on its website that Canvas was "in maintenance mode" late Thursday afternoon, adding that it was investigating the issue.

On May 1, in a different attack, Instructure said it "experienced a cybersecurity incident perpetrated by a criminal threat actor" but contained the situation the next day. But the company indicated that user names, email addresses and student ID numbers were breached.

"Instructure still has until EOD 12 May 2026 to contact us," Thursday's note said.

CNN has reached out to Instructure for comment.

Students react

"I'm hoping that it's only going to last a day," said Vhena Omojola who is hoping to graduate from UC Berkeley in less than two weeks.

"Have you tried to access, go on the system and what did it say?" asked ABC7 Eyewitness News reporter J.R. Stone.

"Nothing, it just says you're logged out you can't. I tried to log in three times and nothing happened," said DiMarco Marenco who is also hoping to graduate soon.

"In the announcement they said by May 12 if you don't send the money or something, and that's really hard for us because I have a final on the 11 so we can't wait until May 12," proclaimed Dallas Turner.

"I would say I am very concerned because my finals are online and it's a lot of papers. I was just doing a paper today and I have a paper tomorrow and I wasn't able to access the format or the type of structure they want," said Namod Paloek.

The hack, or online attack, comes as Berkeley's Class of 2026 prepares for finals next week, and graduation the week after. Study materials and assignment instructions on Canvas unavailable when we spoke with students.

"It's no coincidence that it happened now because this is the time when the hackers have the most leverage," said Tony Coulson of CSUSB.

Coulson is the executive director of the Center for Cyber at AI at California State University. He says the system was targeted, but students may be- too.

"Be very aware of what will be a phishing attempt for students, just like trying to get them to pay to take exams and other things," said Coulson.

"I was so excited to be done with Berkeley to go on my life to start my career after graduation, but now I'm worried about oh what's going to happen with my grades because I can't even see the grades," said Paloek.

"I'm not surprised that it's happening, but I am surprised that it's happening on this scale right now," said Emma Dasigaguada.

Students at UC Berkeley told us that some of their teachers have sent out emails with study information on it and others say the info has been put in Google Docs. Still though, each student we talked with said they are awaiting word in several courses. Many saying they have a mix of final exams being on paper, and online.

The-CNN-Wire
& 2026 Cable News Network, Inc., a Warner Bros. Discovery Company. All rights reserved.

ABC7 Eyewitness News reporter J.R. Stone contributed to this report