Canvas, a widely used learning platform, is undergoing a major cybersecurity attack, affecting millions of students and instructors across the country, including those at Cal Poly and Cuesta College.
According to NBC, the criminal extortion group ShinyHunters is claiming to have stolen over 275 million records from Canvas parent company Instructure. The group says the stolen data could include private information such as full names, email addresses, student IDs, and messages.
The platform is used by students and instructors to turn in assignments, take exams, connect with instructors, and much more.
When students try to access the platform, most of them are seeing an error screen. It is unclear when the platform is expected to start operating again.
In a statement to students and staff, Cal Poly said:
“Out of an abundance of caution, the California State University campuses have temporarily blocked or redirected Canvas access, and Canvas access will not be restored until we are fully confident the system is secure.”
Dear Students, Faculty, and Staff, This is to update you on the latest information we have regarding the cybersecurity incident involving Instructure, the vendor that provides Canvas, Cal Polys learning management system. We have been informed that the threat actor has escalated their attack on Instructure. In response, Canvas has been taken offline at all campuses while they address the threat. Out of an abundance of caution, the California State University campuses have temporarily blocked or redirected Canvas access, and Canvas access will not be restored until we are fully confident the system is secure. CTLT and ITS teams, in coordination with CSU systemwide officials and cybersecurity experts, are actively investigating the situation and working to provide options for continuing operations as quickly and safely as possible. Because we do not know the length of the outage, the campus is planning alternative ways in which faculty and students can complete their courses and assignments for the remainder of the quarter. Faculty are encouraged to communicate with students using alternative channels provided <a href=”https://urldefense.com/v3/__https://canvassupport.calpoly.edu/important-update-canvas-may-2026-security-incident__;!!FJkDyvWmnr4!c7ylLMD7tXVMR5f0UR4C8tYW2AfdlObiz38OF8lNK1fYAqFYQ7kRmHgWzjMm1zPk5P7WPf84t8pcBu270l5YbJv7$”>here [canvassupport.calpoly.edu]</a> and students should check their campus email regularly for updates and instructions. Threat actors often try to take advantage of incidents such as this. We encourage all community members to remain vigilant and immediately report any suspicious communications, which could include messages that appear to come from within your campus community. If you encounter such an activity, please report it to <a href=”mailto:abuse@calpoly.edu”>abuse@calpoly.edu</a>. CSU will never ask you to pay money to access your Canvas materials, including examinations. Please log out immediately and notify <a href=”mailto:abuse@calpoly.edu”>abuse@calpoly.edu</a> if you are asked for any payment information. We understand this is causing a major disruption at a time when our faculty, staff and students are preparing for the end of the academic term and commencement ceremonies. We sincerely appreciate your patience and unwavering commitment to serving our students. Protecting the security and privacy of our students and employees is a top priority. Updates will be provided as more information becomes available. Please continue to refer to the CSU Canvas Incident Reports page for updates and resources at <a href=”https://urldefense.com/v3/__https://lts.calstate.edu/csu-canvas-incident-reports__;!!FJkDyvWmnr4!c7ylLMD7tXVMR5f0UR4C8tYW2AfdlObiz38OF8lNK1fYAqFYQ7kRmHgWzjMm1zPk5P7WPf84t8pcBu270ib9hz-Q$”>https://lts.calstate.edu/csu-canvas-incident-reports. [lts.calstate.edu]</a> Sincerely, Kyle Gustafson Campus Information Security Officer