UCI students received pop-up messages on Canvas at approximately 1:05 p.m. today on May 7. Following an initial message on all Canvas websites from the ShinyHunter hacker group, Anteaters are currently unable to access Canvas and the webpage is currently down for maintenance. The group reportedly breached Instructure — the parent company of Canvas — potentially compromising the data of hundreds of millions of users across the U.S. on May 3.
The group alleged that they possess billions of private messages sent through Canvas, which may include emails, addresses, phone numbers and student ID numbers.
On May 6, some UCI students received an email from the UCI Office of Information Technology (OIT) regarding a University of California Office of the President (UCOP) statement on the nationwide cybersecurity incident. UCOP stated that they, “close communication with Instructure and are actively coordinating with UC location cybersecurity partners to monitor the situation.”
Other schools were already impacted by the hacker group earlier this week. The ShinyHunter group stated on May 3 that they will leak data obtained from Pennsylvania State University on May 8. The warning displayed on UCI students’ screens stated that affected schools and Infrastructure have until the end of day on May 12 to negotiate a deal with ShinyHunters.
At 5:48 p.m. UCI students received a text message from UCI stating that access to Canvas was temporarily redirected to an OIT-hosted webpage. The text advised students to avoid visiting URLs ending in “infrastructure.com” for security purposes.
Infrastructure’s website is providing status updates along with UCI OIT.
Editor’s Note: This article was updated to include a message from UC Irvine regarding the nationwide cybersecurity incident.
Kaelyn Kwon is a 2025-2026 Managing Editor. She can be reached at kaelynmk@uci.edu
