The message included a link to a list of schools ShinyHunter claims to have breached through Canvas.
RALEIGH, N.C. (NCN News) – That data breach reported by WPTF.com on Wednesday has now turned into a hacker group holding hundreds information of schools nationwide for ransom.
A hacking group calling itself ShinyHunters posted a message on the accounts of the learning site Canvas which read:
“ShinyHunters has breached Instructure (again). Instead of contacting us to resolve it they ignored us and did some “security patches.” If any of the schools in the affected list are interested in preventing the release of their data, please consult with a cyber advisory firm and contact us privately at TOX to negotiate a settlement. You have till the end of the day by 12 May 2026 before everything is leaked.”
An expert says the hacking group posted online that nearly 9,000 schools worldwide were affected, with billions of private messages and other records accessed.
The Wake County Public School System posted on its site:
We are aware of a cybersecurity-related message currently appearing within Canvas for some users. Out of an abundance of caution, WCPSS has temporarily disabled the Canvas icon within the WakeID Portal while we work with our vendors and technology teams to verify system security and restore normal operations.
This action is being taken proactively to protect staff and student access while the issue is investigated.
What you should know:
- Do not attempt to access Canvas through alternate links or bookmarks until further notice.
- Do not click on any links, download files, or respond to any messages related to the pop-up.
We will provide updates as more information becomes available.
On Wednesday, The Wake County Public School system wrote there was a security breach involving Canvas, owned by Instructure Inc., which is used as part of North Carolina’s statewide learning management system.
According to the school district on Tuesday (May 5), Wake County Public School System and the North Carolina Department of Public Instruction were notified by Instructure about a cybersecurity incident affecting staff and student data.
The list of public schools, colleges and universities impacted by the breach and hack has grown to across the state and nationwide. The list includes large schools system in North Carolina as well as UNC-Chapel Hill, Duke University, Wake Forest University, North Carolina A & T State University, East Carolina University among others. A number of major universities across the country are posting similar alerts.
“Instructure has placed Canvas, Canvas Beta and Canvas Test in maintenance mode,” according to Infrastructure’s status page posted just before 8 p.m. eastern time,” We anticipate being up soon, and will provide updates as soon as possible.” A few hours earlier the site posted that an investigation was underway.
According to multiple tech news sources, ShinyHunters has claimed responsibility for breaches of companies such as Ticketmaster A T & T and security firm ADT.
On April 25, 2026, Instructure experienced a cybersecurity incident perpetrated by a criminal threat actor. Instructure detected the attacker on April 29 and immediately revoked the access. On April 30, as the investigation expanded, they revoked additional suspicious access and addressed underlying system vulnerability. Instructure has found no indicators of an ongoing threat.
The district went on the state that personal data of current staff and students may have been accessed, but there is no indication that passwords, dates of birth, government identifiers, or financial information were involved in the breach.
While the breach is a result of Instructure’s system, the school district says it is in ongoing communication with them as they work to investigate how we are affected.
Instructure said on its website that the North Carolina Department of Public Instruction agreed to use Canvas in 2015 across all state public K-12 schools.
“We selected Canvas after conducting a thorough evaluation with the administration and staff from multiple schools in North Carolina,” said Tracy Weeks, chief academic and digital learning officer at the NC Department of Public Instruction in a 2025 news release announcing the arrangement. “We encourage schools to take advantage of the statewide pricing. We’re confident they’ll find Canvas simple to learn and easy to use.”
This isn’t the first time Tar Heel schools have been impacted by a data breach as there was another one less than a year ago.
The North Carolina Department of Public Instruction (NCDPI) announced in early 2025 that a major data breach at vendor PowerSchool compromised sensitive personal information of students and staff across the state. The breach, stemming from a December 2024 incident, exposed names, social security numbers, and contact info, leading to extortion attempts by hackers in May 2025
For more information, visit Instructure’s website: https://status.instructure.com/
The Associated Press contributed to this report
Stay with FM 92.9, AM 680 WPTF, NCN News and WPTF.com for the latest on this developing story.