Canvas data breach graphic laptop and cell phone sitting on desk

Important Notification about Canvas Security Breach - Update 5/8/26

WS/FCS Communications

May 7, 2026

New informational update on the breach and a message from State Superintendent - 5/7/26

Earlier this evening, the North Carolina Department of Public Instruction (NCDPI) notified districts of escalating issues related to the cybersecurity incident involving Instructure, the parent company of the Canvas Learning Management System.

New developments this afternoon indicate that threat actors (external hackers) have begun sending direct, malicious messages to users in various North Carolina districts. 

Current Status & Access

  • Access Status: Effective immediately, all access to Canvas through NCEdCloud has been disabled for staff and students across the state.

  • Scope: This is a proactive measure initiated by NCDPI to protect our users from direct contact by unauthorized parties.

  • Restoration: At this time, there is no estimated time for restoration. Services will remain offline until NCDPI and federal forensic experts verify the platform's security.

Official message from NCDPI

May 7, 2026

Dear Colleagues,

I am writing to provide an update on the cybersecurity incident reported by Instructure, the parent company of Canvas, the statewide learning management system used by many North Carolina public schools.

This afternoon, users logging into Canvas saw a message from the threat actor who compromised Instructure earlier this week. The message appeared to Canvas users across the nation, including those with the North Carolina Department of Public Instruction (NCDPI), North Carolina Virtual Public School (NCVPS) and some Public School Units (PSU).

Instructure has subsequently disabled access to impacted systems. However, this indicates that Instructure has an ongoing breach from the threat actor, and it is not safe to use the system. 

At this time, all North Carolina students and staff will not be able to access Canvas through NCEdCloud. This is a necessary step to protect North Carolina data and schools. We appreciate your patience while these services remain offline. 

As a reminder, N.C.G.S. 143-800 prohibits engaging with the threat actor or paying the ransom demanded.

NCDPI takes the security of student and educator data with the utmost seriousness. We will share additional information as it becomes available. For continued updates from Instructure, please follow their incident status page.

NCDPI’s communications team will follow up tomorrow with template resources that can be used to communicate with your families.

We will be in touch with more information as we receive it. Thank you for your partnership and patience as we work through this together.

Mo Green Signature

Maurice "Mo" Green

Superintendent, NC Department of Public Instruction

Data Breach Details

This week, Instructure alerted the district and NC DPI about a cybersecurity incident affecting staff and student data. 

On April 25, 2026, Instructure experienced a cybersecurity incident perpetrated by a “criminal threat actor.” Instructure detected the attacker on April 29. Instructure reports that it has blocked access to the system and has found no indicators of an ongoing threat.

The company has notified the federal law enforcement agencies for assistance in the investigation.

No WS/FCS internal networks or systems were breached.

How this affects you

The investigation is still ongoing, and Instructure hasn’t yet confirmed the amount or type of WS/FCS data exposed.

Canvas is used by WS/FCS teachers in grades 3-12 for homework assignments, grading, and messaging. Based on the information we have received, personal data of current staff and students may have been accessed, but there is no indication that passwords, dates of birth, government identifiers, or financial information were involved in the breach.

We will provide further information on what data was accessed as it becomes available.

Stay alert

The information obtained through the breach could be used in targeted phishing attacks against staff or students.

WS/FCS recommends families and staff be cautious of unsolicited email messages that come from Canvas or Instructure, especially those asking for personal information or anything to do with accounts or passwords.

Next steps

We will continue to provide updates as we receive more information from Instructure.

For more information, visit Instructure’s status website: https://status.instructure.com/