Richmond County Schools is sharing information regarding a recent cybersecurity incident involving Instructure, the parent company of Canvas, a learning management system used by many school districts across North Carolina and the country. Canvas is used in our districts middle and high schools.

Instructure reached out to districts to notify us of a cybersecurity incident perpetrated by a criminal threat actor. On Thursday, May 8, users logging into Canvas nationwide saw a message posted by the threat actor responsible for compromising Instructure. As a precautionary measure, access to Canvas through NCEdCloud was temporarily disabled for North Carolina public schools while the incident was reviewed.

According to NCDPI, CrowdStrike, a third-party cybersecurity firm assisting with the investigation, later reported that there were no ongoing signs of compromise within the Canvas environment. Statewide access to Canvas through NCEdCloud was restored on May 11.

At this time, Richmond County Schools has not received information indicating the extent of any potential local impact. NCDPI is working with Instructure to determine what information may have been accessible within Canvas. Data could include: Username, UID Identification number, first name, last name, email address. Richmond County Schools takes the security of student and educator data seriously. We will continue working along NCDPI to coordinate with partners to monitor the situation and assess any potential impact. Additional information will be shared as it becomes available.

For a timeline of events, as well as the latest updates from Instructure, visit the company’s incident status page at https://status.instructure.com.

Thank you for your support as we work to keep our student and educator data secure.