RALEIGH, N.C. (NCN News) – A data breach last month may be impacting students and staff in the public schools statewide.
In a message posted online, The Wake County Public School system wrote there was a security breach involving Canvas, owned by Instructure Inc., which is used as part of North Carolina’s statewide learning management system.
According to the school district on Tuesday (May 5), Wake County Public School System and the North Carolina Department of Public Instruction were notified by Instructure about a cybersecurity incident affecting staff and student data.
On April 25, 2026, Instructure experienced a cybersecurity incident perpetrated by a criminal threat actor. Instructure detected the attacker on April 29 and immediately revoked the access. On April 30, as the investigation expanded, they revoked additional suspicious access and addressed underlying system vulnerability. Instructure has found no indicators of an ongoing threat.
The district went on the state that personal data of current staff and students may have been accessed, but there is no indication that passwords, dates of birth, government identifiers, or financial information were involved in the breach.
While the breach is a result of Instructure’s system, the school district says it is in ongoing communication with them as they work to investigate how we are affected.
While the Wake County system is posting information online, it is not clear what the impact is on other school districts. Instructure said on its website that the North Carolina Department of Public Instruction agreed to use Canvas in 2015 across all state public K-12 schools.
“We selected Canvas after conducting a thorough evaluation with the administration and staff from multiple schools in North Carolina,” said Tracy Weeks, chief academic and digital learning officer at the NC Department of Public Instruction in a 2025 news release announcing the arrangement. “We encourage schools to take advantage of the statewide pricing. We’re confident they’ll find Canvas simple to learn and easy to use.”
On its website, the Chief Information Security Officer Steve Proud posted:
“Canvas is fully operational, and we are not seeing any ongoing unauthorized activity.
As a precaution, we recommend customers follow security best practices, including enforcing MFA on privileged accounts, reviewing admin access, and rotating API tokens or keys where applicable.
This will be our final update via this status page for this incident. We will continue to provide updates as appropriate through other channels and are now communicating directly with impacted customers to provide organization-specific information and support.”
This isn’t the first time Tar Heel schools have been impacted by a data breach as there was another one less than a year ago.
The North Carolina Department of Public Instruction (NCDPI) announced in early 2025 that a major data breach at vendor PowerSchool compromised sensitive personal information of students and staff across the state. The breach, stemming from a December 2024 incident, exposed names, social security numbers, and contact info, leading to extortion attempts by hackers in May 2025
For more information, visit Instructure’s website: https://status.instructure.com/