Skip to main content Skip to footer
Login to Portal
Home > Updates > Canvas Incident Report
Cybersecurity
Canvas Incident Report
Cybersecurity
Canvas Incident Report

Canvas Incident Report

May 8, 2026 - Update

Canvas is currently coming back online across the California Community Colleges system. Colleges are taking a careful, phased approach to restoring access to help ensure systems and user information remain secure for our students and faculty.

Our systemwide Security Center is working closely with Instructure and our college technology teams to follow best practices and implement additional safety measures based on our assessment.

As colleges restore access, we are also reminding our campus communities to remain alert to potential phishing or scam attempts. Canvas users should be cautious of unexpected emails or messages that request personal information, prompt urgent action, or include suspicious links or attachments.

NOTE: Canvas and Instructure will never contact individuals asking for personal login or sensitive information. If a student receives a suspicious message, they should not respond and report it immediately to their college instructor, IT or security team.

Our highest priority is protecting our students and working with our colleges to bring Canvas fully back online in a safe and secure manner.

For the most recent updates from Canvas/Instructure please visit https://www.instructure.com/incident_update

In late April 2026, Instructure — the company behind Canvas, the learning management system used by all 116 California Community Colleges — experienced a cybersecurity incident in which a criminal threat actor gained unauthorized access to their systems. Instructure detected the intrusion on April 29th, immediately began containment, and confirmed the incident publicly over the following days. A threat actor group subsequently claimed responsibility and attempted to extort the company using a "pay or leak" approach. Based on the investigation to date, data that may have been exposed includes names, email addresses, student ID numbers, and messages within the Canvas platform. There is no evidence that passwords, Social Security numbers, financial information, or dates of birth were involved.

The California Community Colleges Security Center began tracking this incident on May 1st and has been actively monitoring developments in close coordination with the California Community Colleges Chancellor's Office. The privacy and security of our students and employees is something we take seriously, and we are committed to keeping our campus communities informed as the investigation continues. Canvas remains fully operational and the incident has been contained, though the investigation with outside forensic experts is ongoing.

 

May 7, 2026 - 2nd Update

  • Canvas has begun restoring access to the platform, however the investigation and security validation process is not yet complete
  • The CCC Security Center and Chancellor's Office are recommending that districts suspend access to Canvas until Instructure provides documented assurances that the platform is safe and that student and employee data is protected


Out of an abundance of caution, colleges are taking a thoughtful approach before returning to normal instructional use. Thank you to our students, faculty, and staff for your patience and flexibility as we continue working with Instructure and campus teams to support a safe return to service. Please continue following guidance from your college for next steps.



May 7, 2026 Update

We have received reports of some users receiving an email scam message from the group that hacked Canvas. The email claims hackers have been monitoring the user’s activity on web browsers and seeks payment in Bitcoin within 48 hours to have any compromising information deleted. This is a scam and anyone receiving such a message should delete it immediately. Do not click on any links, open any attachments, download files, or respond.

We are aware that Canvas is currently down systemwide. We are actively coordinating with Instructure/Canvas and we will share additional information as it becomes available.

May 6, 2026 Update

  • A threat actor group has claimed responsibility for the Canvas breach and is attempting to extort Instructure — this is a vendor level incident, not a targeted attack on any individual college
  • Based on current information from Instructure, the data involved includes names, email addresses, student ID numbers, and Canvas messages. At this time, there is no evidence that passwords, Social Security numbers, financial information, or dates of birth were compromised
  • The main risk right now is phishing or scam messages. Because some basic information may have been accessed, these messages could look more convincing than usual.

What to watch for:

  • Unexpected messages referencing your courses, instructors, or Canvas activity
  • Anything asking you to click a link, open an attachment, or share your login
  • When in doubt, go directly to Canvas yourself rather than clicking any link sent to you

Canvas is fully operational. If something feels off, trust your instincts and contact your campus IT help desk.


May 4th, 2026 Update

  • Instructure confirmed a security incident involving unauthorized access to certain Canvas data
    • Data that may have been affected includes names, email addresses, student ID numbers, and messages within the Canvas platform
    • There is no evidence that passwords, dates of birth, Social Security numbers, or financial information were involved
    • There is no indication of impact to Student Information Systems or other third-party systems
  • The incident has been contained, though the investigation remains ongoing with external forensic experts engaged
  • The CCC Security Center and Chancellor's Office are working directly with Instructure to validate scope and coordinate next steps

No immediate action is required at this time — please remind your teams to stay alert for phishing or suspicious communications referencing this incident

The Chancellor’s Office is staying closely engaged with both Instructure and our Security Center

If you have questions, please contact your campus IT office. 

May 1st through 3rd, 2026

The CCC Security Center began tracking this incident on May 1st and has been actively monitoring developments since. Several California Community College districts were notified of a global cybersecurity incident involving Canvas, and the Security Center issued a system-wide notification to all districts with available information.

Canvas continues to provide updated information on their status page: https://www.instructure.com/incident_update