Wake County Public Schools notified parents Wednesday about the data breach, which the district says could have exposed personal data of current students and staff may. District officials said there is no indication that passwords, dates of birth, or financial information were shared.
The North Carolina Department of Public Instruction says Instructure, the parent company of Canvas, notified them of the breach.
NC DPI told ABC11 in a statement that reads in part:
"The North Carolina Department of Public Instruction is aware of a cybersecurity incident reported by Instructure, the parent company of Canvas, the learning management system used by many North Carolina public schools. Instructure informed NCDPI on Tuesday afternoon that NCDPI and some North Carolina Public School Units had been impacted.
This is a developing situation. NCDPI does not yet have confirmation on which districts and charter schools are impacted. Instructure is contacting affected districts directly as it confirms that information.
NCDPI is coordinating with Instructure and the North Carolina Department of Information Technology and is in active communication with our Public School Units as the situation evolves."
Duke University also utilizes Canvas, and said university staff also have been made aware of the situation.
A Duke spokesperson shared the following statement saying:
"Duke has been notified by Canvas, which provides the university's learning management system, of a cybersecurity incident resulting in unauthorized access to data at Canvas from thousands of institutions, including Duke.
The IT Security Office is closely monitoring this incident and is continuing to assess any effect on the university community. At this time, Canvas remains operational and available to Duke faculty, staff, and students."
Durham Public Schools, Chapel Hill-Carrboro City Schools, and Cumberland County Schools confirmed to ABC11 they were notified that the data breach impacted their students.
For many parents, the news prompted immediate concern.
"It was a little bit just concerning when I first read the text, email this morning," Raleigh parent Jake Howland said.
The breach involves a platform that is part of daily classroom instruction, making the incident especially troubling for families.
"It does bring in the question, you know, what the security is really like around firewalls and those kinds of things and why these breaches may be happening. You know, so that's something hopefully that they'll be looking at," Howland said.
According to Instructure, the parent company of Canvas, hackers accessed data including student names, email addresses, identification numbers and messages exchanged among users. The company said passwords, birth dates, government identification numbers and financial information were not compromised.
Instructure says all North Carolina public schools use Canvas, and some universities and colleges use it as well.
Cybersecurity experts say incidents like this are becoming increasingly common.
"This is part of our everyday lives now, that we just have to operate under the assumption that your information is out there, and people are probably gonna get their hands on it one day," said Eric Bordeau, virtual chief information officer at Logically.
Bordeau said the type of information exposed in this breach may not have immediate consequences but could pose risks over time.
"This particular information that was leaked here, or exposed, it's something that might not impact them for years to come," he said.
Experts recommend parents take steps to protect their children's information, including encouraging responsible sharing online and using strong, unique passwords.
"Having conversations with children about, you know, not putting more information out there than you absolutely need to," Bordeau said.
Officials are still working to determine the full scope of the breach. Several institutions, including North Carolina State University, North Carolina Central
University, and UNC Chapel Hill have been contacted for information but have not yet confirmed whether they were affected.
As notifications continue, parents and school officials remain focused on understanding the extent of the breach and preventing future incidents.
SEE ALSO | The Gen Z hackers behind major data breaches
Download the ABC11 News app for breaking news and weather alerts