Canvas users across California and beyond faced widespread disruption this week after a major cyberattack temporarily shut down parts of the popular online learning platform, forcing schools and colleges to scramble during final exam season.

Universities and community colleges throughout the Bay Area began restoring access on Friday after the attack interrupted assignments, exams, classroom discussions, and course materials for thousands of students.

Institutions including Stanford University, the California State University system, UC Berkeley, and the Peralta Community College District confirmed they were gradually bringing systems back online while conducting additional security checks.

UC Berkeley said access to Canvas had “largely been restored” and that final exams would continue as scheduled. California State University officials also said they were carefully reconnecting campus systems after completing security protocols.

The attack targeted Canvas, the widely used digital learning platform developed by Utah-based software company Instructure. The company temporarily took parts of the system offline after hackers reportedly altered login pages with ransom-style messages viewed by students and teachers attempting to sign in.

According to Instructure, the breach exploited vulnerabilities linked to “Free-For-Teacher” demo accounts. The company disabled those accounts while engineers worked to restore normal operations.

A hacker group known as ShinyHunters claimed responsibility for the attack, although officials have not formally confirmed the group’s involvement.

The outage created confusion and stress for students already navigating final exams and project deadlines. Some students logging into Canvas reportedly encountered threatening messages warning that sensitive information could be exposed.

At Chabot College in Hayward, instructor Heidi Skolnik said she had to improvise during an in-person statistics class after students lost access to online materials. Instead of relying on Canvas, she passed around flash drives containing course data so students could continue working.

The incident has sparked renewed concerns about cybersecurity risks across the education sector, where millions of students depend daily on centralized digital platforms.

Cybersecurity researchers warned that education systems have become attractive targets because a single breach can potentially affect thousands of schools simultaneously. Experts also noted that while there is currently no evidence that passwords, Social Security numbers, or financial information were compromised, educational records and personal data still hold significant value for cybercriminals.

Sarah Powazek, a research director at UC Berkeley’s Center for Long-Term Cybersecurity, said the disruption highlighted how deeply schools now depend on a small number of technology providers.

“When these services go down, it can impact the entire country’s day of school,” she said.

The Canvas breach arrives amid growing scrutiny of cybersecurity protections within educational technology companies. According to reports, Instructure is already facing multiple federal lawsuits related to the incident.

The disruption also reminded many educators and students how quickly classroom operations can be affected when digital systems fail. For fully online learners especially, the outage temporarily cut off access to lectures, assignments, and communication tools that have become essential to everyday education.

Canvas services were gradually stabilizing Friday afternoon, though some institutions continued additional monitoring before fully restoring integrations.

More details about the cyberattack and the scope of the investigation are expected in the coming days.

For additional updates on cybersecurity and education technology, readers can review coverage from KQED News.