Last updated: May 7, 2026

Canvas Data Breach

Data Involved in the Breach

Data that may have been accessed

Names, email addresses, student ID numbers, and messages sent within the Canvas platform.

No evidence of impact to

Passwords, Social Security numbers, financial information, or dates of birth.

Important note for Foothill-De Anza: Our District does not upload dates of birth, Social Security Numbers (SSNs), passwords, other government identifiers or financial information to Canvas for our users. This further protects student and employee data from incidents involving the Canvas platform.

About the "Shiny Hunters" extortion email

The same group that claimed responsibility for the Canvas breach is now sending threatening emails directly to students. The messages typically:

• Claim the senders have been monitoring your web browser activity.
• Claim they have "compromising" photos, videos, or information about you.
• Demand payment (often in cryptocurrency) within a short deadline.
• Threaten to release the supposed information to your contacts if you don't pay.

What to do if you receive one

1. Do not pay. Paying does not make the threats stop — it marks you as someone who will pay again.
2. Do not reply, click any links, open attachments, or download files. Any of these can trigger further attacks.
3. Delete the email.
4. If the email contains a password you actually use, change that password right away (on a different device if possible) and turn on multi-factor authentication wherever you can. Old passwords sometimes show up in scam emails because they were leaked in unrelated breaches years ago.
5. If you're worried or unsure, contact your campus IT help desk. You will not get in trouble for asking.

Other Canvas-related scams to watch for

Beyond the extortion emails, expect more phishing in Canvas-themed disguises over the coming weeks. Common patterns include:

• Fake Canvas notifications — "You have a new message from your instructor," "Your course access expires today," "Action required to keep your account."
• Fake password reset emails that look like Canvas, MyPortal, Microsoft 365, or Google.
• Fake financial aid or scholarship offers, often asking you to "verify" your information through a link.
• Fake tuition refund or overpayment messages, especially around the start or end of a term.
• Fake job postings from people impersonating professors, often offering high pay for simple work.
• Gift card scams claiming to come from a professor, dean, or supervisor asking you to buy gift cards and send the codes.

Warning signs in any email

Most phishing emails share a few telltale traits. Any one is a yellow flag; two or more is a red flag.

It tries to scare or rush you

"Your account will be suspended in 24 hours." "Pay within 48 hours or else." Real organizations almost never demand instant action by email.

It asks for your password or personal information

Canvas, your college, your bank, and the IRS will never email you asking for your password, Social Security number, or full account number.

The sender address doesn't quite match

Look at the full email address, not just the display name. [email protected] is not the same as @instructure.com. Watch for misspellings, extra words, or unfamiliar domains.

The links don't go where they claim

On a computer, hover your cursor over a link to preview the real URL. On a phone, press and hold the link. If the visible text says "canvas.fhda.edu" but the actual link goes somewhere else, do not click.

An attachment you weren't expecting

Especially .zip, .exe, .iso, or Office files asking you to "Enable Macros." When in doubt, don't open it.

Generic greetings or odd phrasing

"Dear User" or "Dear Customer" instead of your name. Awkward grammar, strange capitalization, or sentences that read slightly off.

It doesn't match your real life

An email about a class you're not in, a refund you didn't request, a Canvas message at 3 a.m. from someone you've never spoken with.

What to do when something looks suspicious

1. Don't click, don't reply, don't open attachments. Even hitting "unsubscribe" on a phishing email confirms your address is active.
2. Verify through a separate channel. If "Canvas" emails you, open a new tab and go to Canvas directly using a bookmark — don't use the link in the message. If "your professor" emails you about something urgent, message them through Canvas or MyPortal instead.
3. Report it. In Outlook or Gmail, use the "Report phishing" or "Report junk" option. Then forward the message to your campus IT help desk so they can warn other students.
4. Delete the message after reporting it.
5. If you already clicked or entered your password, change your password immediately from a different device, and contact your campus IT help desk right away. The faster you report, the more they can do.

Learn more about phishing

• Federal Trade Commission — How to Recognize and Avoid Phishing Scams (opens in a new window)Plain-language guidance from the FTC, including current examples.
• CISA — Recognize and Report Phishing (opens in a new window)The federal Cybersecurity and Infrastructure Security Agency's primer on phishing.
• Google Phishing Quiz (opens in a new window)A short interactive quiz with real-looking emails and explanations of the red flags. Worth ten minutes.
• StaySafeOnline (National Cybersecurity Alliance) (opens in a new window)Guidance on phishing, passwords, multi-factor authentication, and account security.
• ReportFraud.ftc.gov (opens in a new window)The FTC's official channel for reporting scams that affected you personally.

ETS will continue to monitor this situation and update this page as new information becomes available from Instructure and the California Community Colleges Security Center.