WCPSS notice of data breach

We are writing to inform you of a security breach involving Canvas, owned by Instructure Inc., which is used by the Wake County Public School System as part of North Carolina’s statewide learning management system. We are passing on this information to ensure you are kept informed. 

What happened?

On May 5, 2026, Instructure alerted the Wake County Public School System and the North Carolina Department of Public Instruction about a cybersecurity incident affecting staff and student data. 

On April 25, 2026, Instructure experienced a cybersecurity incident perpetrated by a criminal threat actor. Instructure detected the attacker on April 29 and immediately revoked the access. On April 30, as the investigation expanded, they revoked additional suspicious access and addressed underlying system vulnerability. Instructure has found no indicators of an ongoing threat.

What information was involved?

Based on the information we have received, personal data of current staff and students may have been accessed, but there is no indication that passwords, dates of birth, government identifiers, or financial information were involved in the breach.

We will provide further information on what data was accessed as it becomes available.

What we are doing

While the breach is a result of Instructure’s system, we are in ongoing communication with them as they work to investigate how we are affected.

As they share new information with us, we will promptly pass it on to you. We will continue to keep you updated as more details become available.

For more information, visit Instructure’s website: https://status.instructure.com/ 

Next steps

We will continue to provide updates as we receive more information from Instructure Inc.