Canvas cybersecurity breach disrupts Triad schools as final exams near
Canvas cybersecurity breach disrupts Triad schools as final exams near
https://abc45.com/news/local/canvas-cybersecurity-breach-disrupts-triad-schools-as-final-exams-near
Publish Date: 2026-05-09 11:35:00
Source Domain: abc45.com
Using an unordered list, summarize the following article with between 4 and 8 key points. TRIAD, N.C. — As tens of thousands of students across the Triad are putting the finishing touches on end-of-year assignments and preparing to take final examinations, a cybersecurity breach of a popular, widely used online learning system has left several school districts statewide having to restrict access—leaving students unable to complete online-based instruction and teachers scrambling for alternative options regarding the submission of final grade books.“I still need to check my grades to make sure I’m still even eligible to keep my job as an R.A., so I won’t even be able to do that since Canvas is down,” Bryan said.Malachi Bryan, a senior graphic design major at the University of North Carolina at Greensboro (UNCG), describes the mass hysteria in his classrooms and the pressure classmates faced after attempting to sign in to the platform to no avail—especially during a pivotal time with important deadlines and last-minute studying.“Every single aspect about class is on Canvas. As a matter of fact, I’ve been using Canvas since elementary [and] middle school,” Bryan said. “This impact is not just for college students; it’s a nationwide thing. I’m a graphic design major, so my whole scheme is doing art online.”The Canvas platform—used across the country by approximately 8,000 schools and universities—provides a digital course dashboard for both instructors and students. Teachers primarily use this online learning system to upload course material, assign/receive assignments, communicate with students, update grade books, and—in some instances—post final examinations.From student perspectives, the digital application is the heartbeat of their classrooms and course instruction. This dashboard allows students to view and/or download necessary course materials, upload homework assignments, and access their grades across all courses throughout each semester.A hacking group known as ShinyHunters is claiming responsibility for breaching Canvas, which boasts more than 30 million active users—ranging from kindergarten classrooms to public universities—across the world, and is threatening to begin leaking classified information and to issue company officials an ultimatum to begin leaking personal data.As many students across North Carolina logged into Canvas to knock out a last-minute study session and check their final grades, their computer screens faded to black, and a warning label appeared instead. They were presented with the following message:”ShinyHunters has breached Instructure (again). Instead of contacting us to resolve it they ignored us and did some ‘security patches,” the warning read. “If any of the schools in the affected list are interested in preventing the release of their data, please consult with a cyber advisory team and contact us privately at TOX to negotiate a settlement.”On the campus of UNC Greensboro, many students living on campus were joined by family members during the last official day to move out on Friday in preparation for the upcoming summer break—as others prepare to walk across the graduation stages with ceremonies now underway.With the end of the school year just around the corner, many students are returning home with online finals still needing to be completed and awaiting the receipt of final grades on their transcripts.Timothy Peterson, who enters his third month as an administrative assistant for information systems and supply chain management at UNC Greensboro, says conversations that he’s had with other faculty members have revolved around working around these unfortunate circumstances.“I saw a professor earlier who was printing out his grades, so I think he’s kind of like being proactive in that way; trying to find a different solution,” Peterson said. “Students are trying to turn in their final exams through Canvas. Many have all of their families coming down and some may have jobs in place that depend on their GPA. I know some students are waiting to see if they’re really graduated or not.”UNCG officials confirm that all in-person examinations have been completed. However, due to the circumstances surrounding this cybersecurity outage, make-up exams are scheduled for Monday.As of Friday afternoon, Instructure, the parent company of the online education platform Canvas, has reported that the software is now officially back online and accessible for students, teachers, school staff, and families.In response to this incident, Instructure officials have released the following statement:On April 29, 2026, we detected unauthorized activity in Canvas. We immediately revoked the unauthorized party’s access, started an investigation, and engaged outside forensic experts.On May 7, 2026, we identified additional unauthorized activity tied to the same incident. The unauthorized actor made changes to the pages that appeared when some students and teachers were logged in through Canvas. Out of caution, we temporarily took Canvas offline into maintenance mode to contain the activity, investigate, and apply additional safeguards.We have since confirmed that the unauthorized actor carried out this activity by exploiting an issue related to our Free-For-Teacher accounts. This is the same issue that led to the unauthorized access the prior week. As a result, we have made the difficult decision to temporarily shut down Free-For-Teacher accounts. These accounts have been a core part of our platform, and we’re committed to resolving the issues.In the meantime, Canvas is fully back online and available for use.In the wake of this data breach, several school districts across the Triad—relying heavily on Canvas for coursework—are also dealing with these impacts.Students and families received the following statement from Winston-Salem/Forsyth County Schools, which includes additional information on the details surrounding this incident.Canvas is used by WS/FCS teachers in grades 3-12 for homework assignments, grading, and messaging. Based on the information we have received, personal data of current staff and students may have been accessed, but there is no indication that passwords, dates of birth, government identifiers, or financial information were involved in the breach. The information obtained through the breach could be used in targeted phishing attacks against staff or students. WS/FCS recommends families and staff be cautious of unsolicited email messages that come from Canvas or Instructure, especially those asking for personal information or anything to do with passwords.The investigation is ongoing, and Instructure hasn’t confirmed the amount or type of WS/FCS data exposed.”Additionally, Guilford County Schools (GCS) released updates on their next steps moving forward. Officials highlight that final exams will not be affected, but students have faced issues such as turning in homework assignments and accessing course material:Dear GCS Employees, We want to provide you with an update about the Instructure Canvas security incident.We are continuing to work with the state to monitor the situation and assess its impact. Out of an abundance of caution, access to Canvas on GCS devices will remain restricted. We are also recommending that families not attempt to access Canvas through the app or parent portal until we can confirm that the platform is secure.Our Academics, Blended Learning and Technology teams are working together to provide schools with alternative methods for accessing instructional resources that currently reside on Canvas. In addition, Blended Learning has implemented a workaround through Microsoft Teams to support instruction for virtual school students.Thank you for your continued flexibility, professionalism and support as we navigate this situation together.Randolph County Schools is also navigating this developing situation with Canvas, as Superintendent Stephen Gainey shared this statement with ABC 45 News on the school district’s impact of this platform’s shutdown.”The Randolph County School System uses Canvas. Furthermore, the school system was made aware of our inclusion in the data breach involving Canvas on 5/5/26,” Gainey said. “However, the school system has not received any information regarding the specific types of data impacted by this situation from Instructure, the parent company of Canvas, or the North Carolina Department of Public Instruction.” According to the warning label displayed by the hacker group “ShinyHunters,” school systems that are impacted by this cybersecurity breach have until the end of the day on Tuesday, May 12, to negotiate a settlement before “everything is leaked.”This warning also adds that Instructure has until the same deadline to reach out, before the potential release of personal information belonging to millions of users nationwide.
