|
Dear Colleagues,
I am writing to make sure you are aware of a cybersecurity incident reported by Instructure, the parent company of Canvas, the statewide learning management system used by many North Carolina public schools.
Instructure has notified NCDPI and some North Carolina Public School Units (PSUs) that they were impacted by this incident. Instructure is contacting impacted districts and charter schools directly.
This is a national incident, and we do not have full information at this time. NCDPI is coordinating closely with Instructure, the NC Department of Information Technology and our Public School Unit technology leaders. We are following all state incident reporting requirements and will share additional information as soon as we are able to confirm it.
In the meantime, I want to share three things.
First, Instructure has indicated that the compromised data "appears to include personal information" such as first and last name and that, at this time, they have found no indication that passwords, dates of birth, government identifiers or financial information were involved.
Second, as with any security incident, users should remain alert for phishing attempts or suspicious communications. If something feels off, it probably is.
Third, NCDPI takes the security of student and educator data with the utmost seriousness. We will keep you informed as this situation develops, and we will continue to support our PSUs through this and any future incidents.
Infrastructure is continuing to investigate the situation and will continue to provide updates as this situation evolves. For the latest information from Instructure directly, please monitor https://status.instructure.com.
If you have questions or information to share with NCDPI, please contact our K-12 cybersecurity team at k12cybersecteam@dpi.nc.gov.
We will be in touch with more as we learn more. Thank you for your partnership and patience as we work through this together.
With appreciation,
|
