Wake schools: April data breach may have impacted all NC schools; student & staff data accessed :: WRAL.com
Publish Date: 2026-05-06 18:45:00
Source Domain: www.wral.com
Using an unordered list, summarize the following article with between 4 and 8 key points.
Wake County Public School System leaders said they are investigating a breach involving the system used to maintain teachers’ and students’ data across North Carolina.
According to the school district, they were notified of a cybersecurity incident involving Canvas, a statewide learning management system run by Instructure. Teachers use Canvas to post their classroom work and lessons for students.
Instructure said on its website that the North Carolina Department of Public Instruction agreed to use Canvas in 2015 across all state public K-12 schools.
District leaders said they believe student and staff data may have been accessed, but they didn’t find anything indicating that passwords, birth dates, government identifiers or financial information were involved.
The school district said it was alerted to the breach on Tuesday, and that it was tied to a cybersecurity incident on April 25.
This isn’t the first time student data impacted by a data breach. PowerSchool, a company that provided data services across the globe with with data storage more than 60 million students between more than 18,000 customers and more than 90 countries, was involved in a data breach on Dec. 28, 2024.
PowerSchool later said it paid a ransom to the hacker responsible for the breach and watched a video of the hacker deleting the data they stole, according to people who were on the call, but cybersecurity analysts said more state schools could face extortion attempts in the wake of the attack.
In August, the State Board of Education transferred all of the student and staff data it had on PowerSchool to Infinite Campus for its statewide system.
The school district said that while the breach was a result of Instructure’s system, it is in ongoing communication with them as they work to investigate how the district is affected.
In a statement, Canvas said it is recommending all of its customers follow best security practices such as enforcing multi-factor authentication on privileged accounts, reviewing administrator access and rotating API tokens or keys when possible.
