Nationwide security breach involving Canvas

May 7, 2026

Share This Article

Business person touching screen with cybersecurity icons

Updated May 7, 2026

The University of California is closely monitoring the security incidents involving Instructure, the maker of learning management system Canvas used by thousands of educational institutions globally. Across our locations, we are aware that the Canvas login page displayed a suspicious message originating from the threat actor. As always, we encourage our community members to remain vigilant and exercise caution regarding potential phishing attempts. Watch for unexpected messages that seem to come from UC. The university will never ask for passwords, Social Security numbers, birthdates, or bank account information through email, text, or phone calls.

Out of an abundance of caution, the University of California Office of the President has instructed all UC locations to temporarily block or redirect Canvas access, and Canvas access will not be restored until we are confident the system is secure. We understand this disruption is concerning. We will continue to monitor the situation and are evaluating next steps. Protecting the personal and institutional information entrusted to the University remains our highest priority. We will continue to work with UC location partners to understand the impact of these incidents on our students and faculty.

We will provide updates on UCnet as more information becomes available. Your location will provide additional information and guidance as appropriate.

May 6, 2026

Instructure, the maker of the University’s learning management system Canvas, has notified the University of California of a data breach involving Instructure’s systems. This is a nationwide issue affecting thousands of institutions. We are in close communication with Instructure and are actively coordinating with UC location cybersecurity partners to monitor the situation.

As always, we encourage our community members to remain vigilant and exercise caution regarding potential phishing attempts. Watch for unexpected messages that seem to come from UC. The university will never ask for passwords, Social Security numbers, birthdates, or bank account information through email, text, or phone calls.

Instructure is providing status updates on their website. We will share updates with the UC community on this page as new information emerges.

Keep Reading

Register for a UC Global Accessibility Awareness Day event on May 21
May 5, 2026

Learn about accessibility is being put into practice at UC locations and build skills that you can start using right away.
Attend the first event in a new UC AI Council webinar series
May 4, 2026

On May 21, join leading artificial intelligence experts from throughout UC for a fascinating event on AI literacy.
Update on digital accessibility compliance
April 22, 2026

What’s happening The deadline for ADA Title II digital accessibility compliance has been moved to April 26, 2027. The U.S. Department of Justice has extended …