Canvas Outage Disrupts San Jose State Students

Canvas is the place where college classes actually happen now — assignments, grades, lecture slides, discussion posts, all of it. So when it went down at San José State on Thursda(sjsu.edu)e of finals prep, and it happened because Instructure, the company behind Canvas, was dealing with a real cybersecurity incident. SJSU told students and staff t(sjsu.edu) the problem sat with Instructure, not CSU’s own network. (sjsu.edu) ### Why did SJSU student(status.instructure.com)hit by a criminal threat actor, and CSU campuses were told about the incident during the week of May 4. By May 7, SJSU said Canvas was unavailable, and CSU’s central guidance said the vendor had shut down CSU Canvas instances while it worked to contain the incident. (sjsu.edu) ### Was San José State itself hacked? Basically, no — at least that is not what officials are saying right now. CSU’s message is that this incident is limited to Instructure, the third-party company that runs Ca(sjsu.edu)ed. That distinction matters. A vendor breach is still serious, but it is different from someone directly breaking into SJSU’s own campus systems. (lts.calstate.edu) ### What data might be exposed? This is the part making everyone nervous. SJSU says the accessed data may include names, ema(sjsu.edu)s. But the school also says Canvas does not store passwords, Social Security numbers, financial information, or dates of birth, and CSU says password resets are not required right now. (sjsu.edu) ### Who is behind the attack? A hacking group called ShinyHunters has claimed responsibility. Bay Area schools beyond SJSU were caught up too — Stanford, UC Berkeley, San Fr(lts.calstate.edu) breach touched nearly 9,000 schools and 275 million people, though those numbers are the hackers’ claims, not confirmed totals from the universities. (kqed.org) ### Why did this feel so chaotic? Because the outage landed at the worst possible moment. Student(sjsu.edu)erials, and message instructors. Pull that system away in early May and classes do not just get inconvenient — they get scrambled. That is why campuses started warning students to watch email closely for alternate instructions from professors and administrators. (lts.calstate.edu) ### Is Canvas still down? Not in the same way. Instructure’s (kqed.org) the all-out shutdown eased, but it does not mean the story is over. Schools still have to sort through what was exposed, what was interrupted, and what students may have missed while the platform was offline. (status.instructure.com) ### What should students actually do now? The practical advice is boring but important — watch for phishing, do not pay anyone claiming you need money to get back (lts.calstate.edu)lly told people to report suspicious communication, and CSU warned that it will never ask students to pay to access class materials or exams. In a breach like this, the cleanup phase is where scammers usually pile on. (sjsu.edu) ### So what is the real takeaway? The outage is the visible part. The bigger story is how dependent universities h(status.instructure.com)of teaching. When that vendor gets hit, the disruption spreads fast — and students feel it first. (sjsu.edu)