Canvas Outage Disrupts San Jose State Finals

Canvas is the place where a lot of college life actually happens — assignments, grades, lecture slides, messages, the whole routine. So when it went down at San José State on Thursday, May 7, it did not feel like a minor tech hiccup. It landed right as finals work was piling up, and students suddenly could not reach the material they needed. The bigger problem is that this was not just an outage. It was tied to a cybersecurity incident at Instructure, the company behind Canvas. ### What broke at San José State? SJSU told students and staff that Canvas was “down and not operational” as of May 7, after the university learned that Instructure had been hit by a recent cybersecurity incident. That meant the campus learning system many classes depend on was effectively unavailable during a crucial stretch of the semester. Finals at SJSU are not just sit-down exams either — they can include papers, projects, portfolios, and other culminating assignments, which makes a Canvas outage especially disruptive. (sjsu.edu) ### Was this just a local campus problem? No — that is what made it so messy. The disruption spread across colleges and universities in the Bay Area and far beyond, with reports from Stanford, UC Berkeley, and schools around the country. AP described it as a cyberattack-related outage affecting campuses during exam season, and trade coverage showed universities in Texas delaying or scrambling around finals too. Basically, SJSU was one piece of a much larger breakdown. (sjsu.edu) ### What data might be exposed? SJSU’s warning was broader than “the site is down.” The university said cybercriminals might have gained access to personal information stored in Canvas, including names, email addresses, student ID numbers, and user messages. NBC Bay Area reported the same warning to students and faculty. That does not automatically mean every account was fully compromised, but it raises the stakes from inconvenience to possible privacy and phishing risk. (nbcbayarea.com) ### Why does phishing matter here? Because once attackers have names, school emails, course context, or message history, fake follow-up emails get much more convincing. A scam no longer has to look random. It can look like a professor asking for a resubmission, a campus office sending a password reset, or Canvas support offering a fix. That is why Instructure’s own post-incident advice focused on basics like MFA, reviewing admin access, and rotating tokens or keys where relevant. (sjsu.edu) ### Is Canvas back now? Mostly, yes. Instructure said on May 6 that Canvas was fully operational again and that it was not seeing ongoing unauthorized activity, though schools were still dealing with the fallout on May 8. That gap matters. A platform can come back online before a campus has sorted out missed deadlines, missing files, alternate submission plans, and nervous students refreshing their inboxes. KQED and the Chronicle both showed schools moving through that cleanup phase on Friday. (status.instructure.com) ### How did instructors handle the gap? In a very improvised way. One SJSU course site showed an instructor generating PDFs of assignment guidelines and emailing instructors because students could no longer reach materials inside Canvas. That is the real shape of this kind of outage — not just a blank login page, but a sudden shift to backup channels, attachments, and manual deadline flexibility. Professors had to rebuild access on the fly. (status.instructure.com) ### Why did this hit so hard during finals? Because finals week concentrates everything in one system. If Canvas disappears in October, classes can absorb some chaos. If it disappears in early May, students may lose access to rubrics, study guides, submission portals, instructor announcements, and grade visibility all at once. The timing turned a vendor security incident into an academic bottleneck. (infocom.hyperlib.sjsu.edu) ### Bottom line? The SJSU story is not really about one website being down. It is about how much of higher education now runs through a single platform — and what happens when that platform breaks at the worst possible moment. Canvas may be back, but the real aftershock is trust: in deadlines, in messages, and in whether the next email is actually from your school. (sjsu.edu) (sjsu.edu)