The University of California, Riverside (UCR) restored access to its Canvas learning management system on Saturday, May 9, 2026, after a two-day shutdown caused by a cybersecurity incident affecting colleges and universities across the country
The disruption began May 1, 2026, when Instructure, the company behind Canvas, disclosed that a threat actor had gained unauthorized access to part of its environment. The incident affected thousands of higher education institutions nationwide, including the University of California (UC) system.
University officials said Canvas access was restored on Saturday at 1:35 p.m. following a security assessment conducted by a third-party cybersecurity vendor and reviewed by the UC Office of the President and campus chief information security officers.
“Canvas access has been restored following a security assessment of the system,” UCR Information Technology Solutions (ITS) said in a campus update. “Students and faculty may now resume instructional activities in Canvas by logging into the central authentication system with their UCR NetID and using Duo multi-factor authentication.”
The university had disabled local access to Canvas earlier in the week while security officials investigated the scope of the incident. During the outage, students and faculty experienced interruptions to coursework, assignments and communication as instructors sought alternative ways to continue classes.
UCR officials urged students to continue attending regularly scheduled classes despite the disruption. The university anticipated restoring access by Monday, May 11, but completed the process earlier after receiving approval from UC leadership and cybersecurity reviewers.
Instructure CEO Steve Daly issued a public apology Thursday May 7, 2026, acknowledging frustration among users over limited communication during the incident, “Many of you dealt with real disruption,” Daly said in a statement. “You deserve more consistent communication from us, and we didn’t deliver it.”
According to Instructure, the breach involved unauthorized access to certain user information, including usernames, email addresses, course names, enrollment information and messages. The company said core learning data, including courses content, submission and credentials, was not compromised.
The company also disclosed that attackers exploited a vulnerability involving support tickets in its “Free for Teacher” environment, prompting Instructure to temporarily disable that service while conducting a broader security review.
Despite assurance that Canvas was “fully operational and remains safe to use,” several UC campuses, including UCR, kept systems offline while conducting independent security evaluation.
On Friday, UCR informed students that campuses such as UC Berkeley and UC Merced had restored Canvas services to support final exams and test the platform’s return across the UC system.
Throughout the outage, university officials warned students and employees to remain alert for phishing attempts and fraudulent communications posing as official university messages. “Watch for unexpected messages that seem to come from UC Riverside,” UCR ITS said in campus advisory. “The university will never ask for passwords, Social Security numbers, birthdates, or bank account information through email, text, or phone calls.”
The university directed faculty to instructional continuity resources through the XCITE Center for Teaching and Learning, while technical support remained available through the campus BearHelp service desk.
Students express concerns over missed assignments, disrupted coursework and uncertainty surrounding midterm preparation during the outage. Faculty members were encouraged to communicate with students through alternative methods while Canvas remained inaccessible.
The UC Office of the President said it continues coordinating with Instructure and campus information security teams as the broader investigation continues. Instructure has launched a dedicated incident update page and said it plans to release a summary of the forensic review once completed. The company stated that no immediate action is required from students or instructions at this time.
Cybersecurity experts say the incident highlights growing risks facing educational institutions, which increasingly rely on cloud-based digital platforms for instructions, communication and data storage. Universities have become frequent targets for cyberattacks because of the large volumes of personal and institutional information they maintain.
As classes resume on Canvas, UCR officials said they will continue monitoring the platform and provide updates to the campus community if additional information emerges.
