Campus Alert Archive
SDCCD

Largest Cyberattack in SDCCD History Knocks 90,000 Students Offline Across All Four Campuses

CAinfrastructure failureadvisorymedium confidence
Confirmed Threat

On Saturday, May 3, 2026, San Diego Community College District network specialists detected a sophisticated cyberattack and immediately shut down district-wide internet access affecting City, Mesa, Miramar, and the College of Continuing Education. When technicians believed they had stopped the attack Saturday, the threat resumed Monday, May 5, revealing a more coordinated intrusion. All websites, email, Wi-Fi, web-based phones, and student registration platforms were taken offline, disrupting over 90,000 students and prompting Chancellor Gregory Smith to declare it the largest cyberattack in the district's history. No personal identifying information was confirmed stolen.

Alerts
3
Response
Killed
0
Injured
0
Institution
San Diego Community College District
Community College · CA
~90,000 studentsSDCCD Emergency Notification
Confirmed Timeline

Alert Sequence

3 messages in sequence

Some alert texts below are approximate reconstructions from news coverage, not confirmed verbatim transcripts. Reconstructed texts are shown in italic with a dashed border. Verified verbatim texts have a solid border and are marked accordingly.

INITIAL ALERTEmail
Approximate reconstruction511 chars
San Diego Community College District is responding to a cybersecurity incident. To protect our systems, we have taken our district network offline. All campus websites, email, Wi-Fi, and web-based phones are currently unavailable across City, Mesa, Miramar, and the College of Continuing Education. In-person operations are continuing. Classes are meeting as scheduled. Student services staff are available on campus. We are working with cybersecurity experts and will provide updates as the situation develops.

This text has been reconstructed from news coverage and may not reflect the exact original wording.

The decision to keep in-person classes running despite a complete network blackout required faculty to teach without Canvas, email, and internet-dependent tools for over a week.
The Saturday detection followed by a Monday resumption of attacks suggests the initial Saturday intrusion was a probe designed to map the district's incident response capabilities.
UPDATEEmail
Approximate reconstruction483 chars
The SDCCD network will remain down until Friday afternoon. We are working around the clock to restore access safely. The Saturday incident, which we thought we had contained, resumed Monday morning as a more sophisticated and coordinated attempt. Food services on campus have been suspended due to systems reliance on network access. Mental health counseling and health appointments are also temporarily closed. Registration deadlines have been extended. We appreciate your patience.

This text has been reconstructed from news coverage and may not reflect the exact original wording.

The disclosure that food services were suspended -- not just IT systems -- illustrates how deeply modern campus dining operations depend on networked payment and inventory systems.
Chancellor Smith's 6:14 PM email is the most precisely timestamped communication in the incident, reported by City Times.
ALL CLEAREmail
Approximate reconstruction482 chars
San Diego Community College District is pleased to report that our campus network, websites, and email have been restored following the cyberattack that began May 3. Over 5,500 computers have been scanned and brought back online. No personally-identifiable information was compromised; recent security upgrades that moved critical systems to the cloud protected student and employee data. We thank our students, faculty, and staff for their patience during this two-week disruption.

This text has been reconstructed from news coverage and may not reflect the exact original wording.

The two-week restoration timeline -- scanning 5,500+ computers before bringing each back online -- reflects the labor-intensive nature of post-incident endpoint remediation at large multi-campus institutions.
The credit to cloud migration for protecting PII represents a vindication of a strategic IT decision that predated the attack.
Context

Background

The May 2026 attack on the San Diego Community College District was notable for its scale and sophistication. Chancellor Gregory Smith described it as 'the largest effort at this scale or this complexity' in the district's history, with the attacker appearing to run a two-phase operation: a Saturday probe to map incident response capabilities, followed by a more aggressive Monday intrusion after technicians believed the threat had been contained. All four campuses -- City, Mesa, Miramar, and the College of Continuing Education -- serving more than 90,000 students were simultaneously affected. Internet, Wi-Fi, websites, email, web-based phones, student registration, and network-dependent services including campus food service and health counseling went offline. The district's decision to move critical data systems to the cloud before the attack meant no personally-identifiable information was confirmed stolen. Technicians scanned and remediated over 5,500 computers before restoring them, with full network and website restoration completed around May 18. The incident occurred during the active spring semester, requiring in-person workarounds for two weeks of instruction at the largest community college district in San Diego County.
Analysis

Key Findings

Attack detected Saturday, May 3, 2026; believed contained Saturday, then resumed Monday, May 5 as a more sophisticated intrusion.
All four SDCCD campuses -- City, Mesa, Miramar, and Continuing Education -- taken offline simultaneously, affecting 90,000+ students.
Campus food services, mental health counseling, and health appointments were also closed due to network dependency.
Over 5,500 computers scanned and remediated before network restoration; full recovery by approximately May 18, 2026.
No PII confirmed stolen; cloud migration of critical systems credited with protecting student and employee data.
Outcome
Over 5,500 computers were scanned and brought back online in phases. The network and websites were restored by approximately May 18, 2026. No personally-identifiable information was confirmed compromised, with district officials crediting recent security upgrades that moved critical systems to the cloud.
Provenance

Sources

  1. Student Paper
    SDCCD campus network, websites down after failed weekend cyberattack -- City Times
    sdcitytimes.com
  2. News
    Massive cyber attack hits entire San Diego Community College District -- CBS 8
    cbs8.com
  3. News
    How SDCCD caught and is still fighting a sophisticated cyberattack -- Times of San Diego
    timesofsandiego.com
  4. Student Paper
    Update: City College network, website active after cyberattack -- City Times
    sdcitytimes.com
  5. News
    Cyberattack disrupts systems across San Diego Community College District -- Digital Watch Observatory
    dig.watch
Tags
cyberattackcommunity-collegemulti-campusnetwork-outageinfrastructure-failurefood-service-disruptioncaliforniasan-diego2026
Added May 2026Updated May 2026Via ingestion