Is Canvas back online? Company says yes, CA colleges still ‘in the middle of it’
AI-generated summary reviewed by our newsroom.
- Canvas was restored online after a nationwide outage caused by a data breach.
- The company said names, email IDs and messages were taken in the data breach.
- Several California colleges kept Canvas restricted while security validations continued.
Canvas — a learning management platform used by thousands of universities and colleges across the country — was back online Friday morning after a data breach caused a nationwide outage. However, access remained restricted for students and staff at several schools including UC Davis, Sacramento State and the Los Rios community colleges.
“The Los Rios and California Community Colleges version of Canvas has not been cleared for resumed use, as the CCC Chancellor’s Office is still validating security protocols to ensure the system is safe,” Gabe Ross, spokesperson for the Los Rios Community College District, said.
The district, he added, would do its own assessment of the safety of the system before resuming its operation.
Michelle Willard, spokesperson for Sacramento State, said the university was “working diligently and in the middle of it.” Officials at UC Davis said the campus was working with the University of California system to ensure the platform was safe to use before encouraging its community to re-engage with it.
On Thursday, Canvas suddenly went down for students in the Sacramento area and across the nation, taking with it access to course materials, assignments and grades.
Instructure, the developer, said it took the system offline after it identified “unauthorized activity” by a hacker who made changes to the pages that appeared when students and teachers logged in to the system. This activity, it said, was tied to a data breach that occurred April 29.
Based on its investigation so far, the company said data including names, email addresses, student ID numbers and messages were taken in the April 29 incident. There was no evidence, it said, that passwords, Social Security numbers, financial information or other highly sensitive data had been compromised.
“We’ve notified law enforcement, including the FBI, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), and international law enforcement partners,” the company wrote on its website.
Brian Watkins, spokesperson for Instructure, said the hacker had exploited an issue related to the company’s Free-For-Teacher accounts. These accounts allow independent educators to create their own courses without an institutional affiliation. Now, Instructure has temporarily shut down that feature.
“This gives us the confidence to restore access to Canvas, which is now fully back online and available for use. We regret the inconvenience and concern this may have caused,” Watkins said.
A group called ShinyHunters has claimed responsibility for the outage and warned affected schools to “negotiate a settlement” with the group by May 12 to prevent the release of their data.
At schools, many of which are about to hit finals week, the incident has caused major academic disruption.
“It’s challenging when things like this happen,” said Joanne Tippin, nutrition instructor at Shasta College. “Students are trying to get their assignments in on time right now. But everyone’s been really good about telling us what’s going on. And we’re trying to do the same for our students.”
This story was originally published May 8, 2026 at 11:29 AM.
