Quick look: A cybersecurity incident involving Canvas disrupted access at schools and universities worldwide, prompting precautionary shutdowns and security reviews. Instructure says there is currently no evidence that passwords, financial information or government-issued identifiers were compromised.
Updated at 10:00 p.m. on May 7, 2026
Canvas access said to be restored for most users as investigation continues
Instructure said Thursday evening that Canvas access had been restored for most users following the widespread cybersecurity incident that disrupted schools and universities across the country.
The company posted on its public status webpage that Canvas Beta and Canvas Test services remain under maintenance while its investigation continues.
***
Updated at 7:33 p.m. on May 7, 2026
Schools worldwide respond to Canvas security breach and service disruptions
Schools, colleges and universities across California and around the world were responding Thursday to a widespread cybersecurity incident involving Canvas, an online learning management platform commonly used for coursework, assignments and communication.
The incident disrupted access at institutions ranging from K-12 school districts to major university systems, including the University of California, California State University and California Community Colleges. Multiple news organizations also reported outages and access restrictions at universities nationwide during final exam season, impacting Harvard, Duke and the University of Michigan.
Canvas is operated by Instructure, which disclosed on May 1 that it had experienced what the company described as a “cybersecurity incident perpetrated by a criminal threat actor.” According to updates posted on Instructure’s public status page, the company has been working with outside forensic experts while implementing additional monitoring, revoking credentials and deploying security patches.
On Thursday, May 7, some users attempting to access Canvas instead encountered messages attributed to a group calling itself “ShinyHunters,” which claimed responsibility for the attack and threatened to release data from affected schools. Similar screenshots were shared by users across the country.
Instructure said its investigation so far indicates that information potentially involved in the breach includes names, email addresses, student ID numbers and messages exchanged between Canvas users. The company said it has found no evidence that passwords, dates of birth, government-issued identifiers or financial information were compromised.
Orange County Superintendent of Schools Dr. Stefan Bean said OCDE is closely monitoring the situation and encouraging local Canvas users — including those in the department’s ACCESS program — to follow cybersecurity best practices.
“This situation is understandably concerning for students, families and educators who rely on digital learning platforms every day,” Bean said. “We are monitoring developments closely and remain in communication with technology and cybersecurity partners as more information becomes available.”
Many institutions advised students and employees not to log into Canvas while security reviews continued. Some schools temporarily disabled local access to the platform or shifted to alternate methods for sharing assignments and instructional materials.
Meanwhile, cybersecurity officials have warned users about scam emails and phishing attempts connected to the incident. California Community Colleges officials advised users not to open attachments, click unknown links or respond to messages claiming to come from the attackers.
Instructure said it will continue providing updates as its investigation progresses.