UPDATE: Thursday, May 7 at 10 p.m. — Canvas is back! Although it works on the mobile app, the website is still down through Insite.
Here are updates on what happened before it came back:
UPDATE: Thursday, May 7 at 2 p.m. – Canvas was inaccessible to students and faculty on Thursday following a data breach earlier in the week.
Canvas experienced a new, widespread outage Thursday, with more than 15,000 users reporting problems by early afternoon, according to Downdetector. Instructure confirmed on its status page that Canvas, Canvas Beta, and Canvas Test were “currently unavailable.”
In a Thursday afternoon email to all employees obtained by The Advocate, Katherine Ogden, acting director of Information Technology for the district, said leaders “are aware of the current Canvas outage affecting access to the platform.”
“At this time, the issue appears to be impacting Canvas users broadly and is not isolated to our district,” Ogden added. “We are actively monitoring the situation and will share updates as soon as we receive additional information from Instructure.”
Ogden said an email would be sent to all students and a message would be posted on the portal. As of Thursday evening, no email or text had been sent to students.
Jennifer Ortega, the district’s director of communications and community relations, said in an email, “We were made aware earlier this week of reports regarding a cybersecurity incident affecting Instructure, the owner of the Canvas learning management system used by the Contra Costa Community College District and across the state and nation.”
Ortega said that Instructure and the California Community Colleges Security Center “communicated that any risk had been contained and managed, and no action was required from faculty, staff, or students.” But Thursday, the situation changed.
The district disabled Canvas from its Single Sign On platform and Microsoft integrations Thursday after Instructure identified an additional security issue, district officials confirmed. Canvas experienced a widespread outage the same day, with more than 15,000 users nationwide reporting problems, according to Downdetector.
“This afternoon, Instructure identified an additional security issue,” Ortega wrote. “Our District has taken measures to temporarily disable Canvas from our Single Sign On platform as well as integrations to our Microsoft platforms. We are continuing to monitor this situation closely and will provide updates as more information becomes available.”
Ortega also advised, “Please remain alert for any unusual or suspicious communications, including phishing emails.”
Original story published May 6 at 6 p.m. – Student emails, names, and ID numbers, as well as Canvas inbox private messages, were compromised in a data breach during the first few days of May, according to Instructure, the parent company of the widely used learning management system, Canvas.
Contra Costa Community College District uses Canvas as its main system for online learning and instruction.
Acting IT Director for the district, Katherine Ogden, sent an email to faculty across the district explaining that on April 30, Canvas identified “disruptions affecting some integration tools” and that a “potential security incident was reported and investigated.”
Ogden said no passwords were included in the breach because the district uses a single sign-on process.
The leak has since been investigated and resolved, according to Instructure Chief Information Security Officer Steve Proud.
“While our investigation continues alongside our outside forensics experts, at this stage we believe the incident has been contained,” Proud said in a May 2 update.
ShinyHunters, a hacker and extortion group known for high-volume breaches, claimed responsibility for the breach, according to Ransomware.live, an aggregate site that collates information from ransomware groups.
According to that site, Canvas has been hit by ShinyHunters before, in a summer 2025 attack that was discovered that October.
It also reported that 3.65 terabytes of data – equivalent to 1,000 hours of HD video or 900,000 photos – were accessed in the leak.
“This breach follows a clear pattern we’ve been watching for the last 18 months,” Doug Thompson, chief education architect and director of solutions engineering for Tanium, a cybersecurity management company, told Inside Higher Ed. “Instead of targeting individual campuses, attackers are moving up the data supply chain to the platforms that sit underneath thousands of institutions at once.”
It isn’t publicly known what the group’s demands were, but a letter from the group is shown on Ransomware.live:
“Nearly 9,000 schools worldwide are affected. 275 million individuals data ranging from students, teachers, and other staff containing PII,” it reads. “Several billions of private messages among students and teachers and students and other students involved, containing personal conversations and other PII. Your Salesforce instance was also breached and a lot more other data is involved. Pay or Leak. This is a final warning to reach out by 6 May 2026 before we leak along with several annoying (digital) problems that’ll come your way. Make the right decision, don’t be the next headline.”
Many of the 116 community colleges in California use Canvas, according to California Virtual Campus, a consortium of online classes.
Instructure has not released further comments on the issue at the time of writing, but in an email acquired by The Advocate, the California Community College Chancellor Sonja Christian explained that “several outlets have reported” on the attack. Christian went on to explain that there was “no evidence at this time” that Social Security numbers, financial data, or date of birth information was included in the breached data.
“At this point,” Christian explained in the email, “the risk to our colleges appears contained and manageable. The primary area to watch is phishing and social engineering.”
This is a developing story. Check back for updates.
