Lisa Baildon, whose daughter attends Millbrook High School, said her child regularly uses Canvas to manage schoolwork, especially on remote learning days.
"When, like, there's a remote day, they go on Canvas to find out what to do. There's a separate part for parents where we can see grades and things like that," she said.
Baildon said she is concerned about what information may have been accessed.
"Who did it and what are they going to do with the data? " she said.
District officials said in a letter sent to parents on Wednesday that they were notified of the cybersecurity breach on Tuesday. The breach happened on April 25, 11 days earlier. According to the district, personal data of current students and staff may have been accessed, but there is no indication that passwords, dates of birth, or financial information were shared.
Parents across the district learned of the breach at the same time, prompting questions about security safeguards.
"What fail-safes did they not have in place, so it won't happen again?" Baildon said.
The incident marks the second such breach affecting the district in two years. In 2024, credentials of a PowerSchool contract employee were compromised, exposing names, addresses, and email information. Since then, the North Carolina Department of Public Instruction has moved to a new online system to manage student data.
Wendy Carvajal, a Wake County parent and teacher, said the latest breach raises concerns about protecting personal information.
"I feel worried. Well, in my case, also as a teacher, I think that personal information is really important to keep secure," she said.
Cybersecurity experts say parents should take precautions following the breach. Kimberly Simon, CEO of Growth Office Partners in Durham, said families should be on alert for suspicious communications.
"So be extra cautious about any emails that are now coming in asking for information and pretending to be the school. The second thing is to turn on multi-factor authentication on every single account. This should already be done," she said.
"Multi-factor authentication means that you need more than one piece of information to get into an account, so a password, plus something else. So, it could be your Password Plus a code sent to your phone or email to you," Simon said.
She also advised updating passwords and avoiding reuse across multiple accounts.
"If you're using the same password across all your accounts, you want to make sure that you change that, because if that's been compromised, then they have access to more than just, you know, the school platform. So, using a password manager would be another great takeaway," Simon said.
Simon added that parents should talk with their children about cybersecurity, including how to recognize phishing attempts and monitor account activity.
"Talk to them about phishing emails, talk to them about clicking on suspicious links, talk to them about monitoring their accounts, and help them monitor their accounts and look at unusual activity or unexpected password research, I think both the school and the home have a part to play nowadays," she said.
As the investigation continues, state school leaders are urging Canvas users to remain alert to suspicious activity. Baildon said she is sharing that message with her daughter.
"I think just make her aware and then just hear what Wake County Schools have to say," she said.
Download the ABC11 News app