Nationwide data breach takes down learning portal used by CSU, UC systems
For thousands of college students in the Sacramento area and across the nation, accessing course materials, assignments and grades online is currently not possible.
Canvas — a learning management platform used by the University of California, California State University systems and the Los Rios Community College District campuses — is down following a data breach.
The CSU system said in a statement Thursday it was working with the developer Instructure, Inc. to determine the full scope of impact and would provide updates as they became available.
“We are aware that Canvas is down across ALL CSU campuses and at the Chancellor’s Office,” the statement said. “Instructure is working diligently to gather more information and get systems restored. This situation is fluid.”
While Instructure did not immediately respond to a request for comment, the company is providing status updates on its website. In an update on Wednesday afternoon, the company confirmed a recent “cybersecurity incident perpetrated by a criminal threat actor” and said it was actively investigating the incident.
Although some personal information associated with user accounts may have been involved, the company said there was no evidence that passwords, social security numbers, financial information or other highly sensitive data had been compromised. The company said in its Wednesday afternoon update that it believed the incident has been contained and Canvas was fully operational.
However, as of Thursday, Canvas remained unavailable for students and staff at UC Davis, Sacramento State, the Los Rios Community College District campuses and several other institutions across the nation.
For some users, a log-in attempt on Thursday afternoon yielded a message from a group called ShinyHunters that claimed responsibility for the outage.
“ShinyHunters has breached Instructure (again),” the message said. “Instead of contacting us to resolve it they ignored us and did some ‘security patches.’”
The message warned affected schools to “negotiate a settlement” with the group by May 12 to prevent the release of their data.
.jpeg "DEDFAF8E-03F0-4D6E-BFBF-8ACD23DAFDE5 (1).jpeg")
Sacramento City College, in a statement posted to Facebook Thursday afternoon, warned students not to click on links in the error message that appeared on attempting to log in to Canvas.
The University of California, meanwhile, said it was in “close communication” with the developer Instructure and was “actively coordinating” with cybersecurity partners to monitor the situation.
This story was originally published May 7, 2026 at 4:32 PM.
