A cyber incident has been reported at Canvas, the learning management system used by millions of students, teachers, and schools worldwide. The company notified users after discovering unauthorized access to parts of its infrastructure. Canvas is one of the most widely used school platforms in North America, so families with children in schools that rely on it should pay attention.
At this stage, investigators are still determining the full scope of what data may have been accessed. Exposed information could include student names, email addresses, and account login details tied to school systems. The company is working to contain the incident and says there is no evidence of ongoing unauthorized access.
How to check if you’re affected
Affected devices include any phone, tablet, or computer used to access your school’s Canvas account or grade portal. Here is what to do:
- Check your device: If your child uses Canvas on a school-issued device or phone, look for any unusual activity — unexpected password reset emails or login notifications you did not request.
- Update your Canvas password: Log in through your school’s Canvas portal and change your password to something unique. Do not reuse the same password across other sites.
- Contact your school’s IT department: Ask whether your school district’s Canvas account is among those affected and whether they have received any official communication from Canvas/Instructure.
- Watch for phishing: Attackers who obtain email addresses from school platforms sometimes follow up with fake “official” emails. If you receive anything asking for passwords or payment, do not click — call the school directly.