Cybersecurity breach hits Canvas learning platform used by CMS, other Charlotte-area school districts
Publish Date: 2026-05-07 12:12:00
Source Domain: www.wcnc.com
Using an unordered list, summarize the following article with between 4 and 8 key points. Multiple NC school districts are investigating a nationwide Canvas breach that exposed basic student info.
CHARLOTTE, N.C. — Several school districts across the region are responding to a cybersecurity incident involving Instructure, the company behind Canvas, a widely used learning management system.
Charlotte-Mecklenburg Schools, Cabarrus County Schools, Catawba County Schools, Kannapolis City Schools and Union County Public Schools all confirmed they were impacted by or are investigating the breach, which appears to be nationwide in scope. The North Carolina Department of Public Instruction is coordinating with Instructure and state technology officials as the investigation continues.
Instructure identified and resolved the issue, and Canvas remains fully operational, according to CMS. The company reports that while basic directory-style information, such as names and student IDs, may have been accessed, no passwords, dates of birth, financial information or government identifiers appear to have been involved.
“There is no evidence of ongoing unauthorized access,” CMS said in a statement to families on Wednesday.
CMS said it acted immediately upon learning of the breach, auditing access and administrative permissions and coordinating with state and vendor contacts to ensure recommended safeguards were in place.
Cabarrus County Schools confirmed it was impacted and said it has been notified that the breach was contained and the platform is secure. Catawba County Schools said NCDPI is investigating in coordination with Instructure, adding that the incident appears to involve limited personal information.
Kannapolis City Schools said its technology staff began working with state officials and Instructure immediately after learning of the situation. The district said Instructure has engaged forensic specialists to prevent future incidents.
Union County Public Schools said it was notified of the breach on May 6 and that staff have notified parents and employees. The district said its technology team is working to determine what data, if any, was impacted.
Chester County Schools said its network teams are still assessing the situation and have found no indication of impact so far. Fort Mill Schools confirmed it does not use Canvas and was not affected.
Families are encouraged to be cautious of unexpected emails or messages, avoid clicking on suspicious links and report concerns to their school.
Districts said they will continue to share updates as more information becomes available.
Download WCNC+ on your Roku, Amazon Fire TV, Apple TV or Samsung device, and stream the news that impacts you for free.
