Wake County Public School System leaders are investigating a breach involving the system that contains teachers’ and students’ data across North Carolina.
According to the school district, they were notified of a cybersecurity incident involving Canvas, a statewide learning management system run by Instructure. Teachers use Canvas to post their classroom work and lessons for students.
Instructure said on its website that the North Carolina Department of Public Instruction agreed to use Canvas in 2015 across all state public K-12 schools. Instructure also told NCDPI about the data breach.
District leaders said they believe student and staff data may have been accessed, but they didn’t find anything indicating that passwords, birth dates, government identifiers or financial information were involved.
The school district said it was alerted to the breach on Tuesday, and that it was tied to a cybersecurity incident on April 25.
This isn’t the first time student data impacted by a data breach. PowerSchool, a company that provided data services across the globe with with data storage more than 60 million students between more than 18,000 customers and more than 90 countries, was involved in a data breach on Dec. 28, 2024.
PowerSchool later said it paid a ransom to the hacker responsible for the breach and watched a video of the hacker deleting the data they stole, according to people who were on the call. However, cybersecurity analysts said more state schools could face extortion attempts in the wake of the attack.
In August, the State Board of Education transferred all of the student and staff data it had on PowerSchool to Infinite Campus for its statewide system.
The school district said that while the breach was a result of Instructure’s system, it is in ongoing communication with them as they work to investigate how the district is affected.
In a statement, Canvas said it is recommending all of its customers follow best security practices such as enforcing multi-factor authentication on privileged accounts, reviewing administrator access and rotating API tokens or keys when possible.
On Wednesday, WRAL News spoke with Growth Office Partners CEO Kimberly Simon about the breach. Simon is a globally recognized cybersecurity strategist.
“Names, email addresses and student IDs and other user communications may have been compromised, and that information can still be used for highly convincing phishing attacks,” Simon said.
When asked about how the latest breach compares to the one in 2024, Simon said that a single vendor “being compromised can ripple across entire school systems.”
In response to WRAL’s report, NCDPI said they are still working to learn how many districts were impacted by the breach. NCDPI added that Instructure is contacting districts directly to confirm that they’ve been affected.
NCDPI said it would share more information as it becomes available.
