Notice of Canvas Security Incident

May 12, 2026

Updated: May 12, 2026, 10:30am PT

bCourses is now back online following a cybersecurity incident affecting Canvas, our learning management system vendor. The platform has been restored, though some users may experience intermittent performance issues with tools and apps connected to bCourses.

bCourses users do not need to take any further action at this time.

Access to all other Canvas sites is also restored, including Learn (learn.berkeley.edu), OpenLearn (openlearn.berkeley.edu), and UC Berkeley Extension (onlinelearning.berkeley.edu).

Users of Learn, OpenLearn, Haas Digital, Berkeley Executive Education, and UC Berkeley Extension have been asked to set a new password in Canvas following this incident to ensure the security of their account. Please see the password reset instructions below.

If You Experience Issues:

Contact us and include "Canvas" in your subject line for priority routing:

 Be Aware and Report Anything Suspicious

  • Watch for phishing emails. Do not click links in unsolicited emails claiming to be from Canvas, Instructure, or UC Berkeley.

  • Report anything suspicious to the Information Security Office at security@berkeley.edu or (510) 664-9000 (option 4).

Password Reset Instructions Sent via Email 

Instructions to reset passwords were sent via email on May 11 to users of Learn, OpenLearn, Haas Digital, Berkeley Executive Education, and UC Berkeley Extension. Again, bCourses users do not need to take this action.

What You Need to Do

  • Go to the relevant site. To defend against phishing, type the website address in your browser directly.
  • Set a new password for your account.
  • If you use an Access Token, generate a new one once you have reset your password.

If You Experience Issues:

Contact us: [details vary per site] and include "Canvas" in your subject line for priority routing

We appreciate your patience as we work through this incident. Your account security is our priority.

How can instructors protect the integrity of their courses?

  • Continue to monitor this page.  This resource is being continually updated with best practices and ideas from campus and across the country.

  • Guidance for Instructors in the Events of Disruptions(link is external)

  • Strongly consider moving materials, including your final exams, final project/assignment submissions, and materials needed for assigning grades out of bCourses and into a secure platform such as Google Drive. For exams that were to be administered in bCourses, use of alternative accessible online platforms such as Gradescope, should be prioritized.   

  • Remember that class videos continue to be available via Kaltura(link is external)

  • Prepare for the possibility that the campus may need to restrict access to bCourses for security concerns - create alternative pathways to distribute course materials and communicate with students; download course gradebooks(link is external) into a secure platform such as Google Drive or Box, and if the final exam is planned to be administered in bCourses, prepare to pivot to another platform (Gradescope, etc.)

  • Information about Incompletes was sent out 2 weeks ago [Link(link is external)]

How can students protect themselves? As always:

  • Do not respond to any communications from threat actors; report any suspicious messages received to security@berkeley.edu(link sends e-mail)

  • Validate communications and website links are from trusted sources, not malicious actors pretending to be trusted sources (check sender addresses and URLs carefully – e.g., hover your cursor over links before clicking).

  • Be wary of messages appearing to come from instructors/staff for non-course related requests.

  • Follow personal cybersecurity and privacy practices, such as removing personal information from data brokers (see privacy.berkeley.edu/personalcyber(link is external))

Accessing Teaching & Learning Tools