|
Dear Colleagues,
I am writing to provide an update on the cybersecurity incident reported by Instructure, the parent company of Canvas, the statewide learning management system used by many North Carolina public schools.
This afternoon, users logging into Canvas saw a message from the threat actor who compromised Instructure earlier this week. The message appeared to Canvas users across the nation, including those with the North Carolina Department of Public Instruction (NCDPI), North Carolina Virtual Public School (NCVPS) and some Public School Units (PSU).
Instructure has subsequently disabled access to impacted systems. However, this indicates that Instructure has an ongoing breach from the threat actor, and it is not safe to use the system.
At this time, all North Carolina students and staff will not be able to access Canvas through NCEdCloud. This is a necessary step to protect North Carolina data and schools. We appreciate your patience while these services remain offline.
As a reminder, N.C.G.S. 143-800 prohibits engaging with the threat actor or paying the ransom demanded.
NCDPI takes the security of student and educator data with the utmost seriousness. We will share additional information as it becomes available. For continued updates from Instructure, please follow their incident status page.
NCDPI’s communications team will follow up tomorrow with template resources that can be used to communicate with your families.
We will be in touch with more information as we receive it. Thank you for your partnership and patience as we work through this together.
|
