NC public schools, some universities cut Canvas access after ransomware attack
AI-generated summary reviewed by our newsroom.
- North Carolina DPI shut off Canvas access for K-12 public schools.
- Instructure said Canvas was fully back online, no evidence the actor currently had access.
- Instructure said names, emails, student IDs and Canvas messages were taken.
The state Department of Public Instruction has shut off access to Canvas for North Carolina’s public schools after hackers broke into the system and made a public ransomware demand.
Some users received a pop-up message Thursday on Canvas saying schools had until May 12 to pay the hackers’ ransom demand or have personal information on their students and employees publicly exposed. As a precaution, DPI said it’s shutting off access to Canvas because “it’s not safe to use the system at this time.”
“At this time, all North Carolina students and staff will not be able to access Canvas through NCEdCloud,” State Superintendent Mo Green said in a message sent to schools on Thursday night. “This is a necessary step to protect North Carolina data and schools. We appreciate your patience while these services remain offline.”
It’s not immediately clear when K-12 public schools will regain access.
Canvas is an online learning management system where students access assignments and materials. Canvas is part of North Carolina’s statewide learning management system for K-12 public schools. It’s also used by many colleges and universities, including Duke University and UNC-Chapel Hill.
Is Canvas safe to use?
Canvas is owned by Instructure, an education technology company.
Over the weekend, Instructure was hacked by ShinyHunters, a criminal extortion group that’s also been linked to data breaches at three Ivy League institutions in late 2025. The group claimed its attack on Instructure affected nearly 9,000 schools worldwide and exposed personal identifying information for over 275 million students, teachers and staff, according to Inside Higher Ed.
Instucture notified schools about the April 29 data breach on Tuesday. On Thursday, Canvas went down after ShinyHunters gained access again and posted the ransomware demand.
“The unauthorized actor made changes to the pages that appeared when some students and teachers were logged in through Canvas,” Instructure said in a list of frequently asked questions. “Out of caution, we temporarily took Canvas offline into maintenance mode to contain the activity, investigate, and apply additional safeguards.”
Instructure said Canvas is fully back online and is safe to use.
“Our external forensic partner has reviewed the known indicators and found no evidence that the threat actor currently has access to the platform,” Instructure said.
North Carolina K-12 education leaders aren’t convinced.
“Instructure has an ongoing breach from the threat actor, and it is not safe to use the system,” said Green, the state superintendent.
NC schools barred from paying ransomware
The pop-up message said both Instructure and the schools affected by the data beach have until the end of day May 12 to negotiate a deal with ShinyHunters.
“As a reminder, N.C.G.S. 143-800 prohibits engaging with the threat actor or paying the ransom demanded,” Green said.
For now K-12 teachers and students are trying to get by as many schools try to wrap up the school year over the next month. It’s causing teachers to take steps such as delaying some tests and assignments until access is restored.
“WCPSS is actively monitoring the situation,” the Wake County school system said in an email Friday to school employees. “We understand the disruption this causes for staff and students and will continue providing updates as more information becomes available. Thank you for your patience and flexibility.”
Schools make adjustments, warn of scams
Ralph Moore, a social studies teacher at Green Level High School in Cary, said he’s moved to Google Docs and sharing the links directly with his students. Moore said the Google Docs links are usually shared through Canvas for security reasons, but they’ll get by for now.
“High school teachers are fortunate that these two AP testing weeks are fairly light — particularly at a school like Green Level where we give over 5k tests,” Moore said in a message Friday to The News & Observer. “If this was two weeks ago it would have been a disaster.”
The Orange County school system told families on Friday that middle school and high school teachers who use Canvas will make adjustments as necessary to “ensure that high-quality, robust instruction continues for all students.”
Orange County also urged parents to be careful about scammers.
“It’s possible that scammers will use information about your child to make messages seem official, asking you for money or other personal information, such as passwords,” Orange County Schools said in a Facebook post Friday. “If you are unsure of new communication about your child and cannot verify the source, please contact your child’s school.”
Higher ed impact
Though Canvas is now back up and running, colleges and universities are taking different approaches when it comes to restoring access for professors and students.
At NC Central, the school’s tech department is conducting additional security checks before restoring campus access.
“These precautionary measures are intended to help ensure system stability and protect student, faculty and staff accounts and data. The university is actively monitoring the situation and working to restore access as quickly and safely as possible,” NC Central spokesperson Quiana Shepard said in a statement. According to Shepard, the school does not store sensitive information like birthdays, government-issued identifiers or financial information in Canvas.
But at UNC-Chapel Hill, Canvas is operational. However, the school is advising professors to download grade books, student assignments, and rubrics, in the event that Canvas should go down again.
“If any data breach information specific to our faculty and students is identified, it will be promptly communicated to impacted individuals,” university spokesperson Brigitta Shouppe said.
At Duke, professor Emily Roberts says she can also access the platform normally. Final exams wrapped up at Duke University earlier this month, so while Duke uses Canvas and was affected by the hack and outage, professors and students didn’t generally encounter disruptions.
At NC State University, the hack came as the school is transitioning away from its current learning management system, Moodle, and onto Canvas.
“The university is in a preparatory phase for a future transition to Canvas, and no courses have been offered to students through the platform,” university spokesperson Lauren Barker said. “As a result, no student data was housed in our Canvas instance. Any potential exposure is limited to a small number of employee and test accounts established during the transition planning process.”
This story was originally published May 8, 2026 at 10:41 AM.
