Key facts: University of California, Berkeley data breach
- Date reported: May 7, 2026
- Target entity: University of California, Berkeley
- Source of breach: Ransomware group ShinyHunters
- Data types: Student and staff email addresses, names, student IDs, and private messages
- Status: Under investigation; reported on May 7, 2026.
- Severity: Medium; exposure of names, email addresses, and student IDs increases risks of targeted phishing and identity theft.
What happened in the University of California, Berkeley data breach?
The University of California, Berkeley (berkeley.edu) is investigating a security incident involving its learning management platform, bCourses, which was reported on May 7, 2026. The black-hat cybercrime group ShinyHunters has claimed responsibility for the attack, which stems from a broader breach of Instructure's Canvas platform. The threat actor alleges they have stolen over 600,000 records from UC Berkeley and is demanding a ransom payment to prevent the data from being leaked online.
The incident is classified as medium severity due to the exposure of personal identifiers and internal communications. Compromised data reportedly includes student and staff names, email addresses, student IDs, and private messages. As a result of the nationwide breach affecting thousands of educational institutions, the Canvas platform was taken offline. Such incidents typically lead to increased risks of social engineering and unauthorized access to university accounts.
Who is behind the incident?
ShinyHunters is a black-hat cybercrime group identified as the party responsible for the claims against the University of California, Berkeley. According to the reported details, the group has a documented history of conducting ransom attacks against various organizations. In this specific campaign, ShinyHunters claims to have compromised a significant volume of data, asserting that a ransom payment could prevent the release of personal information belonging to over 275 million individuals across more than 7,000 educational institutions. The group's methods involve threatening to leak stolen records unless their financial demands are met.
Impact and risks for University of California, Berkeley customers
For students and staff at the University of California, Berkeley, the exposure of names, email addresses, and student IDs poses several security risks. Threat actors may use this information to launch sophisticated phishing campaigns or attempt credential stuffing attacks on other platforms. The inclusion of private messages in the stolen data could also lead to privacy concerns or targeted social engineering attempts.
To mitigate these risks, affected individuals should remain vigilant against unsolicited communications and monitor their accounts for suspicious activity. Implementing multi-factor authentication (MFA) and updating passwords for academic and personal accounts are essential protective measures. Prompt reporting of security incidents and transparent communication from the institution are critical for managing the long-term impact of such data exposures.
How to protect against similar security incidents
Following the breach of UC Berkeley's learning management system and the exposure of student identifiers, it is important to secure digital identities and monitor for phishing attempts.
- Enable phishing-resistant multi-factor authentication. Use hardware security keys or app-based authenticators for all university and personal accounts. Avoid SMS-based MFA, as it is vulnerable to SIM swapping and interception.
- Monitor for targeted phishing campaigns. Be extremely cautious of emails or messages asking for login credentials or sensitive information. Verify the identity of senders through official university channels before clicking links or downloading attachments.
- Rotate academic and personal passwords. Change the password for your CalNet ID and any other services where you may have used similar credentials. Use a password manager to generate and store unique, complex passwords for every account.
- Implement continuous attack surface management. Organizations should utilize tools to monitor third-party vendor risks and identify vulnerabilities in their digital ecosystem. Regularly audit access permissions for learning management systems and other cloud-based platforms.
Staying proactive with credential hygiene and remaining skeptical of unexpected communications are the best defenses against the aftermath of this breach.
Frequently asked questions
What happened in the University of California, Berkeley security breach?
ShinyHunters claimed responsibility for an attack on the University of California, Berkeley (berkeley.edu) in May 2026. The incident was first reported on May 7, 2026.
When did the University of California, Berkeley breach occur?
The University of California, Berkeley breach was publicly reported on May 7, 2026. ShinyHunters referenced the incident around that time, but the attack may have occurred earlier.
What data was exposed?
The incident reportedly exposed student and staff names, email addresses, student IDs, and private messages.
Is my personal information at risk?
If you interacted with the University of California, Berkeley, there's a possibility your personal information could be affected. Similar incidents often involve email addresses, login details, or financial records. Stay alert for updates and take precautionary measures to secure your accounts.
What steps should companies take after being breached?
The University of California, Berkeley is expected to secure its systems, notify affected parties, and provide guidance on protective actions. Educational institutions typically review security measures and deploy attack surface management tools to prevent future third-party breaches.