The criminal extortion group ShinyHunters has breached Cuesta College’s Canvas. Starting this afternoon, when students and faculty tried to log in to their Cuesta Canvas accounts, they were met with a black-and-red screen that read “ShinyHunters has breached Instructure (again).”
The Cuestonian reached out to Cuesta Information and Technology and they did not want to speak on the record about the situation.
Instructure is the company that runs Canvas and is used by over 40% of higher education institutions in North America, including Cal Poly, Princeton, and Harvard, all of which are among the over 9,000 schools worldwide affected by a ShinyHunters attack on Canvas.
According to Inside Higher Ed, the attacks have compromised the personal identifying information of 275 million people, including students, teachers and staff. ShinyHunters wrote on the screen currently on Canvas, “If any of the schools in the affected list are interested in preventing the release of their data, please consult with a cyber advisory firm and contact us privately at TOX to negotiate a settlement. You have till the end of the day by 12 May 2026 before everything is leaked. Instructure still has until EOD 12 May 2026 to contact us.”
According to a Cal Poly Incident Report, on May 5, Instructure reported that in late April 2026, an unauthorized third party accessed certain Canvas data, noting that while some personal information associated with accounts had been involved in the breach, there was no evidence that passwords, Social Security numbers, financial information or highly sensitive data were compromised.
This is a breaking story. Stay tuned for additional information and updates.
