Aftermath of the Canvas breach: What’s next?

May 27, 2026 at 11:00 am by Isabella Le

On Thursday, May 7, Canvas, the online learning platform, was shut down at UC Santa Barbara after a cyberattack caused an Instructure data breach. The attack was organized by a cybercriminal group known as “ShinyHunters.” Although UCSB was not on the list of hacked schools, Canvas was shut down “out of an abundance of caution” from the UC and was restored to operation two days later. By May 11, the UC announced that Canvas access was “restored across all UC locations.”

The data breach did not include passwords, dates of birth, government identifiers or personal information. Courtesy the OU Daily

Newly released statements reveal how hackers were able to breach Instructure’s Canvas database and how the situation was eventually resolved. Multiple users are taking legal action against Instructure, the parent company of Canvas, for failing to protect user data.

Names, email addresses, student ID numbers and messages among Canvas users adding up to 275 million individual records were compromised in the data breach. According to Instructure, the breach did not include passwords, dates of birth, government identifiers or personal information. In a May 11 statement, parent company Instructure stated that the stolen data was returned to them.

“We received digital confirmation of data destruction (shred logs),” the statement read. “We have been informed that no Instructure customers will be extorted as a result of this incident, publicly or otherwise.”

This came after Instructure paid an undisclosed ransom to ShinyHunters before May 12, the deadline the cybercriminal group set before they would leak the data.

ShinyHunters declined the Daily Nexus’ request for comment.

This is not the first time the hacker group has breached data or demanded a ransom in exchange for its return. In May of 2024, ShinyHunters stole the call records of millions of customers of the telecommunications company AT&T. AT&T then paid ShinyHunters about 5.72 bitcoin, worth $373,646 at the time of transaction, for the group to delete the data, along with video evidence of the deletion.

That same year, Shinyhunters also allegedly obtained user data from Ticketmaster in attempts to sell it on the dark web.

Instructure has since confirmed that hackers exploited a vulnerability in their program “using one of [their] Free-For-Teacher accounts,” which have since been temporarily disabled.

Instructure’s response to the data breach includes rolling out “CrowdStrike’s Falcon Endpoint Detection & Response tool across the Instructure network to provide 24/7 monitoring capabilities,” which “has not detected any ongoing unauthorized access to any Instructure product.”

More than two dozen class action lawsuits have been filed involving Instructure or related entities in response to the data breach.

A San Diego resident affected by the cyberattack filed a lawsuit in San Diego federal court accusing Instructure of failing to “implement adequate and responsible measures to ensure” the “safeguarding of personally identifiable information” of the plaintiff and class members.

A nursing student at Baylor University filed a class action lawsuit in U.S. District Court alleging that compromised student messages could include requests for accommodation for disabilities, harassment complaints and other sensitive or potentially embarrassing communications.

As for UCSB, the student body shared mixed perspectives on how the Canvas data breach affected them.

Mira Langin, a second-year political science and global studies double major, expressed frustration over trying to access study materials during the Canvas shutdown. Langin also explained that her course assignments and deadlines were not shifted during the shutdown.

“Some of my professors emailed me the readings, but a lot of them didn’t really change what they were teaching or doing because Canvas was down, which was really difficult,” Langin said.

Unlike Langin, first-year mechanical engineering major Alex Sur said that the Canvas shutdown didn’t affect him a great deal.

“I wasn’t super strongly impacted by the Canvas breach because a lot of the materials for my classes I already had downloaded,” Sur said.

He explained that he was grateful that the ransom was paid in exchange for the deletion of the data.

“But, if my data did get leaked then I’d be pretty upset,” Sur said.

A version of this article appeared on p. 6 of the May 28 print edition of the Daily Nexus.