Canvas Outage Disrupts San Jose State Finals

Canvas is the place where college classes actually happen now — assignments, lecture slides, quizzes, grades, all of it. So when Canvas went down on May 7, San José State students didn’t just lose a website. They lost access to finals materials in the middle of finals season, along with the normal ways to submit work and check deadlines. The bigger problem is that this was not a local IT glitch. It came from a cyberattack on Instructure, the company behind Canvas, and it hit campuses across the country. ### What actually broke at San José State? SJSU told students and faculty that Canvas was “down and not operational” as of May 7, and the same disruption hit all 23 CSU campuses plus the Chancellor’s Office. That meant professors could not reliably post or collect coursework through the normal system, and students could not count on Canvas for study guides, messages, or final submissions. (sjsu.edu) ### Why did this happen? The outage traces back to a cybersecurity incident at Instructure that began around May 1 and escalated into a broad service disruption during finals week. Security researchers and multiple news reports tied the incident to the hacking group ShinyHunters, which claimed responsibility and tried to extort the company. Instructure later said the issue was contained and service was being restored, but that came after the platform had already gone dark at a brutal moment for colleges. (sjsu.edu) ### Was student data exposed? Possibly, yes — and that is the part schools are still sorting out. SJSU warned that cybercriminals might have gained access to personal information stored in Canvas, including names, email addresses, student ID numbers, and user messages. But the current guidance from schools and incident notices says there is no evidence that passwords, dates of birth, government identifiers, or financial information were involved. (cornellsun.com) ### Why are schools so worried about phishing? Because stolen school data does not need to be especially sensitive to be useful. A convincing email that knows your name, class context, or campus affiliation can trick students into clicking links, resetting passwords, or handing over money. That is why SJSU and other campuses are telling people to be extra skeptical of unexpected messages, especially anything about grades, billing, account recovery, or urgent deadline changes. (nbcbayarea.com) ### Why did this hit finals so hard? Finals week is when Canvas stops being a convenience and becomes the whole workflow. Students need lecture files and review sheets. Professors need submission portals and grade tools. If the system disappears for even a few hours, the semester’s most time-sensitive work gets jammed. That is why campuses around the country started extending deadlines, moving exams, or improvising backup plans. (sjsu.edu) ### Is Canvas back now? Broadly, yes — Instructure said Canvas was available again to most users by May 8, and Bay Area reporting said the platform was brought back online early Friday. But “back online” does not instantly fix everything. Campuses still have to check local access, confirm what data may have been touched, and decide how to handle coursework that got stranded during the outage. (axios.com) ### What is the real lesson here? Higher education has centralized a huge amount of academic life into one vendor platform. That is efficient on normal days. But when that platform fails, the blast radius is enormous — one breach, one outage, and finals week can unravel across thousands of schools at once. (usnews.com) The bottom line is simple. At San José State, the immediate story is missed access and scrambled finals. But the deeper story is that a vendor-level cyberattack can now disrupt the end of the semester for students who did nothing wrong and may never even have heard of Instructure before this week. (apnews.com)