News
ShinyHunters claims University of California data breach following Canvas platform hack
BlogBreachesResourcesNews
ShinyHunters claims University of California data breach following Canvas platform hack

ShinyHunters claims University of California data breach following Canvas platform hack

UpGuard Team
UpGuard Team
May 8, 2026

Key facts: University of California data breach

  • Date reported: May 7, 2026
  • Target entity: University of California
  • Source of breach: Ransomware group ShinyHunters via Instructure Canvas
  • Data types: Sensitive data (specific types not disclosed)
  • Status: Under investigation; reported on May 7, 2026.
  • Severity: Medium; sensitive data allegedly stolen from a third-party learning platform, posing risks of phishing and extortion.

What happened in the University of California data breach?

The University of California (universityofcalifornia.edu) is investigating a data breach stemming from a security incident at Instructure, the provider of the Canvas learning platform. The incident, publicly reported on May 7, 2026, involves the threat actor group known as ShinyHunters. The breach has reportedly affected thousands of institutions, including colleges in the Sacramento area, leading to widespread outages of the platform.

According to reports, ShinyHunters claims to have compromised the Canvas platform and exfiltrated sensitive data. The group is reportedly demanding a settlement to prevent the information from being leaked. In response, universities have advised students to refrain from clicking on suspicious links while the platform remains offline. This medium-severity incident highlights the risks associated with third-party software supply chains. While the full extent of the compromised data is currently under investigation, such incidents typically lead to increased risks of phishing and unauthorized account access.

Who is behind the incident?

ShinyHunters is a well-known cybercriminal collective that first emerged around 2020. The group is primarily associated with high-profile data breaches and the subsequent sale of stolen databases on dark web forums or extortion attempts. ShinyHunters typically targets large organizations and service providers to gain access to vast amounts of user data, including personal information and credentials. They are known for using various methods, such as credential stuffing and exploiting vulnerabilities in cloud environments or third-party platforms, to bypass security measures and exfiltrate data for financial gain.

Impact and risks for University of California customers

For students and staff at the University of California, the breach poses several potential risks. If sensitive personal or academic data was exfiltrated, individuals could face targeted phishing campaigns or social engineering attacks. There is also a risk of credential abuse if login information for the Canvas platform was compromised, which could lead to unauthorized access to other university systems. The temporary outage of the learning platform also causes significant service disruption to academic activities.

Typical outcomes of such breaches include the unauthorized sale of data on the dark web. To mitigate risks, affected individuals should change their passwords, enable multi-factor authentication (MFA) on all university accounts, and remain vigilant against unsolicited communications. Transparency from the university and Instructure is essential for helping the community navigate these security challenges.

How to protect against similar security incidents

Following the breach of the Canvas platform affecting the University of California, students and faculty should take immediate steps to secure their digital identities and monitor for signs of unauthorized activity.

  • Update credentials and enable MFA. Change passwords for Canvas and any other accounts sharing the same credentials. Implement phishing-resistant multi-factor authentication (MFA) where possible to prevent unauthorized access.
  • Exercise caution with communications. Be wary of emails or messages requesting personal information or containing unexpected links. Verify the identity of any sender claiming to be from the university or Instructure before responding.
  • Monitor accounts for suspicious activity. Regularly review login logs and account activity for any signs of unauthorized access. Report any suspicious behavior to the university's IT security department immediately.
  • Enhance supply chain security. For organizations, this incident underscores the need for continuous monitoring of third-party vendors. Deploy attack surface management tools to identify and mitigate risks within the digital supply chain.

Proactive security measures and heightened awareness are the most effective defenses against the downstream effects of a third-party data breach.

Frequently asked questions

What happened in the University of California security breach?

ShinyHunters claimed responsibility for a security attack on University of California (universityofcalifornia.edu) in May 2026. The incident was first reported on May 7, 2026.

When did the University of California breach occur?

The University of California breach was publicly reported on May 7, 2026. ShinyHunters referenced the incident around that time, but the attack may have occurred earlier.

What data was exposed?

While the specific categories of data involved have not been disclosed, the investigation is currently assessing the potential exposure of sensitive personal information and login credentials allegedly exfiltrated from the platform.

Is my personal information at risk?

If you interacted with University of California, there's a possibility your personal information could be affected. Similar incidents often involve email addresses, login details, or financial records. Stay alert for updates and take precautionary measures to secure your accounts.

What steps should companies take after being breached?

The University of California is expected to secure its systems, notify affected parties, and provide guidance on protective actions. They will likely review security measures and deploy attack surface management to prevent future incidents.

This cybersecurity news article is powered by UpGuard Breach Risk — continuous attack surface monitoring for your organisation and supply chain.

How secure is University of California?

University of California operates as a public university system providing higher education, research, and public service across multiple campuses in California. The system encompasses undergraduate and graduate degree programs, medical centers, and research facilities spanning various academic disciplines.
  • Check icon
    View our free preliminary report on University of California’s security posture
  • Check icon
    13 risk factors, including email security, SSL, DNS health, open ports and common vulnerabilities
View University of California's score
View score
https://www.ucsf.edu
Security ratings
Deliver icon

Sign up for our newsletter

UpGuard's monthly newsletter cuts through the noise and brings you what matters most: our breaking research, in-depth analysis of emerging threats, and actionable strategic insights.

Latest news

Stay up-to-date with the latest news in cybersecurity.
Texas Tech University hit by data breach involving ShinyHunters

Texas Tech University hit by data breach involving ShinyHunters

A data breach involving Texas Tech University was reported in May 2026. See incident details, impact on customers, and recommended security measures.
UpGuard Team
UpGuard Team
May 7, 2026
Tilburg University data breach: what happened and what's at risk

Tilburg University data breach: what happened and what's at risk

A data breach involving Tilburg University was reported in May 2026. See incident details, impact on customers, and recommended security measures.
UpGuard Team
UpGuard Team
May 6, 2026
Houston ISD data breach: what happened and what's at risk

Houston ISD data breach: what happened and what's at risk

A data breach involving Houston ISD was reported in May 2026. See incident details, impact on customers, and recommended security measures.
UpGuard Team
UpGuard Team
May 7, 2026
University of Oklahoma data breach: ShinyHunters claims attack on Canvas platform

University of Oklahoma data breach: ShinyHunters claims attack on Canvas platform

A data breach involving University of Oklahoma was reported in May 2026. See incident details, impact on customers, and recommended security measures.
UpGuard Team
UpGuard Team
May 7, 2026
Penn data breach: 306,000 records compromised in ShinyHunters attack

Penn data breach: 306,000 records compromised in ShinyHunters attack

A data breach involving Penn was reported in May 2026. See incident details, impact on customers, and recommended security measures.
UpGuard Team
UpGuard Team
May 7, 2026
ShinyHunters claims Indiana University data breach affecting Canvas users

ShinyHunters claims Indiana University data breach affecting Canvas users

A data breach involving Indiana University was reported in May 2026. See incident details, impact on customers, and recommended security measures.
UpGuard Team
UpGuard Team
May 7, 2026
View all news
UpGuard customer support teamUpGuard customer support teamUpGuard customer support team

Protect your organization

Get in touch or book a free demo.
Contact sales
Free demo
Free instant security score

How secure is your organization?

Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
  • Check icon
    Instant insights you can act on immediately
  • Check icon
    Hundreds of risk factors including email security, SSL, DNS health, open ports and common vulnerabilities
Free score
Website Security scan resultsWebsite Security scan rating