Canvas back online for some California schools after widespread hack — with conditions

Canvas, the online education platform managed by Instructure, resumed limited operations for some California schools on May 8 after a cyberattack disrupted services statewide. The attack, involving an unauthorized actor identified as Shiny Hunters, forced the platform offline on May 7, affecting colleges, universities, and K-12 districts amid final exams and assignments. Instructure’s incident report revealed potential exposure of user data, including names, email addresses, and student IDs, though passwords, birthdates, and financial details remained unaffected. Shiny Hunters claimed responsibility, threatening to release stolen data on May 12, 2026, unless impacted institutions consulted a cybersecurity firm and negotiated a settlement. The group also sent scam emails to users, demanding Bitcoin payments to delete compromised information, which California Community Colleges (CCC) warned were fraudulent. Instructure confirmed the breach exploited vulnerabilities in Free-For-Teacher accounts, leading to their temporary shutdown to restore system security. While Canvas was restored for some users, many California institutions, including all 116 CCC campuses, remained locked out as of midday May 8. Instructure’s senior communications director, Brian Watkins, stated the company acted cautiously to contain the threat, emphasizing that access was prioritized over immediate restoration. The incident underscored ongoing risks in digital education platforms, particularly during critical academic periods.