May 7, 2026
On May 6, 2026, the North Carolina Department of Public Instruction notified us about a cybersecurity incident affecting staff and student data within the Canvas product. Canvas, owned by Instructure Inc. Canvas is a part of North Carolina’s statewide learning management system. In Chatham County, Canvas is used primarily in high schools, and in some middle grades classrooms.
On April 25, 2026, Instructure experienced a cybersecurity incident perpetrated by a criminal threat actor. Instructure detected the attacker on April 29 and immediately revoked the access. On April 30, as the investigation expanded, they revoked additional suspicious access and addressed underlying system vulnerability. Instructure has found no indicators of an ongoing threat.
What information was involved?
Based on the information provided, it appears that names, emails, Infinite Campus ID numbers were exposed for both students and staff. There is no indication that passwords, dates of birth, government identifiers, or financial information were involved in the breach.
We will provide further information on what data was accessed as it becomes available.
As additional information is shared by Instructure and the NC Department of Public Instruction, we will update this page accordingly.
For more information, visit Instructure’s website: https://status.instructure.com/
On April 25, 2026, Instructure experienced a cybersecurity incident perpetrated by a criminal threat actor. Instructure detected the attacker on April 29 and immediately revoked the access. On April 30, as the investigation expanded, they revoked additional suspicious access and addressed underlying system vulnerability. Instructure has found no indicators of an ongoing threat.
What information was involved?
Based on the information provided, it appears that names, emails, Infinite Campus ID numbers were exposed for both students and staff. There is no indication that passwords, dates of birth, government identifiers, or financial information were involved in the breach.
We will provide further information on what data was accessed as it becomes available.
As additional information is shared by Instructure and the NC Department of Public Instruction, we will update this page accordingly.
For more information, visit Instructure’s website: https://status.instructure.com/