On May 7, Peralta Community College District students and faculty who logged into Canvas received a message from an international hacking syndicate, threatening to release users’ private data unless a “settlement” is negotiated. The cyberattack, which began days earlier, affects Peralta as part of a national breach.
District officials recommend students avoid clicking on any links shared from Canvas or Instructure, the academic management system targeted by hackers, and to avoid any “suspicious” looking messages. Additionally, the district recommends students check their Peralta Microsoft Outlook emails for communication from their professors regarding assignments and access to course materials.
The Citizen reached out to Instructure’s media liaison for comment, but did not receive a response in time for publication.
ShinyHunters message
Students and faculty from Peralta reported seeing a message early Thursday afternoon when trying to access their Canvas dashboards. The black and red message was allegedly sent by criminal extortion group, ShinyHunters, and claimed the group had hacked Instructure “again.”
According to ShinyHunters’ message, they had requested that Instructure contact them in order to resolve an earlier breach.
They claimed that Instructure “ignored” their request and “did some security patches.”
The message also addressed individual schools, urging them to “consult with a cyber advisory firm” and “contact [ShinyHunters] privately using TOX,” an end-to-end encrypted messaging application, to “negotiate a settlement.” The hackers claim that failure to do so by the end of the day on May 12 would result in student and faculty data being leaked publicly.
The message included a link to download a document with a list of affected schools, according to ShinyHunters. The Citizen did not click on this link to verify the information.
Around 1:20 p.m., a Canvas message replaced the one from ShinyHunters. The message read, “Canvas is currently undergoing scheduled maintenance. Check back soon.”
According to cybersecurity company SOCRadar, ShinyHunters, or ShinyCorp, “emerged” in 2020 and has since breached high-security companies like Google, Microsoft, and Salesforce, as well as a host of colleges such as University of Pennsylvania, Princeton University, and Harvard University.
According to the hackers, as of Thursday they have stolen 3.65 TB [terabytes] of personal student data from 9,000 schools, or around “275 million” individuals’ data.
“Peralta’s response is that we have cut off access to Canvas,” District Executive Director of Marketing, Communications, and Public Relations, Mark Johnson, told The Citizen in a phone interview on May 7.
“Our team is double-checking and making sure that the information we got from the California Community Colleges is accurate, which is that important student data was not part of [the data breach].”
A few days earlier
The district first reported a security breach from Instructure on May 5 in a districtwide email, after being notified by the California Community College Chancellor’s office. The state chancellor’s office holds the vendor contract with Instructure.
The email informed students of a “confirmed security incident” with Instructure between May 2 and 3, but added there was “no immediate action required” and that “[Peralta] is committed to keeping your data safe.”
According to that email, students’ passwords, social security numbers, dates of birth, and financial information had not been compromised, as that information is stored separately from Canvas.
The district listed that potentially compromised information included student’s names, email addresses, student identification numbers, and internal Canvas messages.
The district stated that Instructure resolved the situation by using “containment measures” such as “revoking compromised credentials” and “applying security patches.”
In the same email, the district relayed that Instructure is investigating the event further with “external forensic experts” to “ensure the platform remains secure.”
On May 6, State Chancellor Sonya Christian sent an email to college presidents and to public information officers statewide to provide an update about the data breach.
“The important point is that this is a vendor-level incident affecting many institutions, not a targeted breach of any one college,” Christian wrote, also stating that the risk to the community college system “appears contained and manageable.”
Paige Marlatt Dorr, the state chancellor’s communications and marketing director, sent an email on May 7 at 2:53 p.m., informing college presidents and public information officials about an “additional security issue” and that Canvas is “down” systemwide.
Peralta district officials sent an email to students that same day at 3:06 p.m., with the subject “Security Update: Canvas Hacked Again.”
“As a precaution, Peralta IT has cut off access to Canvas from the Peralta Portal while Instructure deals with this situation,” the email stated.
Peralta’s Chief Technology and Information Systems Officer, Antoine Mehouelley, told The Citizen that Peralta’s distance education team is working to support instructors and students in navigating the indefinite Canvas shutdown.
Mehouelley pointed out that faculty have “adapted before,” as they did during the shelter-in-place stages of the Covid-19 pandemic, and that they “may need to do so again as we close out the Spring semester.”
Mehouelley added that the district will continue to wait for confirmation from the state chancellor’s office that Canvas is secured before restarting the program.
According to the state chancellor’s office security center, Canvas is currently under maintenance.
Copy Editor Ethan Dennerle and Associate Editor Nelzy Gonzalez-Zaragoza contributed reporting to this article.






















