Massive Canvas data breach hits colleges across California and nation, crippling student work - BERITAJA

A cybersecurity breach astatine the institution down the Canvas learning guidance strategy utilized wide crossed higher acquisition institutions, grew into a wide outage Thursday that near students and module astatine dozens of California campuses locked retired of an basal level utilized to entree coursework, readings and assignments during finals preparations.

The disruption astatine Instructure follows a breach disclosed past week successful which a hacker group claimed it stole hundreds of millions of records tied to students and labor astatine about 9,000 schools successful the U.S., Australia and Europe. The group ShinyHunters — which antecedently has claimed to beryllium down hacks of Ticketmaster and AT&T — is taking credit.

On Thursday California students trying to log into Canvas alternatively sewage a connection successful achromatic penning against a achromatic backdrop:

“If immoderate of the schools successful the affected database are willing successful preventing the merchandise of their data, please consult pinch a cyber advisory patient and interaction america privately astatine TOX to discuss a settlement. You person till the extremity of the time by 12 May 2026 earlier everything is leaked.”

A UC Berkeley student shared a screenshot of the threat pinch The Times. By evening, the student said the login process was updated to redirect users to a page that said Canvas was “undergoing scheduled maintenance.”

On its website, Instructure said Thursday day that it had put Canvas “in attraction mode.”

“We expect being up soon, and will supply updates arsenic soon arsenic possible” the institution said.

On Wednesday the patient said Canvas was “fully operational and we are not seeing immoderate ongoing unauthorized activity” aft attacks. The connection said that the breach progressive “names, email addresses, and student ID numbers, arsenic good arsenic messages among users,” but not passwords, dates of birth, financial accusation aliases “government identifiers.”

An Instructure spokesperson did not respond to a petition for further comment.

In California, the effects of the breach rippled crossed the state’s largest nationalist and backstage institutions wrong hours Thursday.

Messages sent to field communities astatine the University of California, California State University, Stanford University and the Los Angeles Community College District said students, unit and module were affected. USC besides said it was moving pinch affected students. The tech failures did not hap simultaneously. Many schools told teachers and students to debar logging into Canvas.

It was unclear whether nationalist schoolhouse districts successful California, immoderate of which besides usage Canvas, were affected. The shutdowns appeared to deed California later than different universities and schools elsewhere successful the nation. Public schoolhouse districts successful Utah and North Carolina reported outages earlier this week. Nationally, campuses including Harvard, Duke and the University of Pennsylvania reported akin outages.

As of Thursday evening, nary of the California colleges indicated they knew of backstage student, module aliases unit information that was compromised.

UC officials said that Canvas would “not beryllium restored until we are assured the strategy is secure.” A connection posted online Thursday evening said each campuses were told to “temporarily artifact aliases redirect Canvas access.”

At UCLA, the field learning portal, Bruin Learn, was moving usually successful the greeting earlier students said they were locked retired by midday.

Titilope Olotu, a inferior double-majoring successful biology and women and reproductive health, said she utilized Bruin Learn — the school-branded type of Canvas — to entree and complete a quiz earlier her 8:30 a.m. class. By early afternoon, she could nary longer find her people materials.

“Oh my gosh, it is truthful concerning. Almost each azygous personification I cognize has been talking about it,” Olotu said. She said she had a marine biology duty owed Friday and a midterm Monday successful an evolutionary medicine course, and that she had not saved the readings offline, making for “a stressful morning.”

Sherry Zhou, a elder majoring successful governmental subject and communications, said the timing was difficult pinch awesome assignments owed and galore professors utilizing Canvas to stock readings and descent decks.

“I americium really successful people correct now and person a insubstantial owed coming that I about apt will person to move successful precocious because we person nary entree to the reading/course materials correct now,” she said successful a matter message, referring to a integer humanities duty worthy a 4th of her last grade. By precocious afternoon, Zhou said she was relieved that her professor offered extensions and promised to stock materials done different transmission if Canvas was still down Friday

In an all-campus connection precocious Thursday, UCLA officials said they had “proactively abnormal section entree to Bruin Learn retired of precaution” while Instructure dealt pinch the outage.

At UC Berkeley, a campuswide connection urged users not to log into Canvas. If logged in, they were told to adjacent tabs “immediately without clicking immoderate links.” The email, signed by Vice Provost for Undergraduate Education Oliver M. O’Reilly and Chief Information Officer Tracy Shinn, said the cyberattack was “impacting institutions and users globally.”

“Campus officials are exploring different paths for students and unit to entree needed information. We admit this important disruption affects school and learning crossed campus. Students should await instructions from their instructors regarding impermanent arrangements for submitting assignments and accessing people materials,” O’Reilly and Shinn wrote.

CSU officials wrote successful a systemwide update that Canvas was down crossed each 22 campuses and astatine the chancellor’s Long Beach office. The connection said the business was “fluid” and that officials were moving pinch Instructure to find the afloat scope of the outage.

A Stanford field announcement said the strategy was besides down, adding that “we do not person an estimated clip of work restoration.

In a statement, USC said that it was “working pinch the students and module successful programs affected by the Canvas issue. We will proceed to show this business and support our students and module updated.”

The Los Angeles Community College District said its 9 campuses were hit. Patrick Luce, the district’s main accusation information officer, said successful a Thursday connection to labor that students and module had begun seeing screens successful Canvas claiming the attackers had stolen LACCD data, and instructed anyone logged successful to log retired immediately.

“There is presently NO EVIDENCE that LACCD’s soul systems person been compromised,” Luce wrote.

Times staffers Terry Castleman and Lee Rogers contributed to this story.