On May 7, 2026, at approximately 1 P.M., UCSD Canvas went down due to a hack at Instructure, the developer and publisher of Canvas. The hack began with a message from ShinyHunters, an extortion group responsible for multiple significant data breaches at large companies.
When students attempted to access Canvas, the page displayed a message from ShinyHunters. The message included a list of affected schools and a settlement demand to avoid the release of personal data. Schools were instructed to contact ShinyHunters through TOX, an encrypted messaging service, to negotiate the settlement before the end of the day on May 12, 2026.
UCSD was among over 9,000 schools affected by the hack. After the message was taken down, Canvas displayed a screen stating, “Canvas is currently undergoing scheduled maintenance.” As a result of this message, students at all affected schools were unable to access Canvas until the situation was resolved.
At 2:45 P.M. on May 7, the Office of the Executive Vice Chancellor sent an email to all UCSD students and staff informing them that it was actively monitoring the situation and instructing them not to log in to Canvas until further notice. These instructions were enforced until May 9, 2026, when another email was sent stating that The University of California was approved to restore access to Canvas.
As of May 11, 2026, a status update on Instructure’s website states that Instructure has reached an agreement with ShinyHunters, and no Instructure customers will be extorted as a result of the data breach. Instructure has also received digital confirmation of data destruction.
If students would like to remain cautious, The Triton suggests they change any passwords connected to their Canvas account.
Benjamin Alvarez is the News Editor for The Triton.