![Technology lines graphic in navy.]([{"url":"https://resources.finalsite.net/images/f_auto,q_auto,t_image_size_1/v1778191202/darek12ncus/pxk7g435ci5w0eh7adi2/TechnologyThumbnail.png","width":256},{"url":"https://resources.finalsite.net/images/f_auto,q_auto,t_image_size_2/v1778191202/darek12ncus/pxk7g435ci5w0eh7adi2/TechnologyThumbnail.png","width":512},{"url":"https://resources.finalsite.net/images/f_auto,q_auto/v1778191202/darek12ncus/pxk7g435ci5w0eh7adi2/TechnologyThumbnail.png","width":800}])
Dare County Schools has been notified of a security breach at the national level involving Canvas (Instructure, Inc.) which is used by districts across the state as part of North Carolina’s statewide learning management system. Dare County Schools uses the Canvas platform in grades 6-12.
History of the Breach
On May 5, 2026, Dare County Schools was made aware by Instructure of a cybersecurity incident affecting staff and student data . This incident impacted Dare County Schools and other school systems across the state.
The following details were shared with us at that time. On April 25, 2026, Instructure experienced a cybersecurity incident perpetrated by a criminal threat actor. Instructure detected the attacker on April 29 and immediately revoked the access. On April 30, as the investigation expanded, they revoked additional suspicious access and addressed underlying system vulnerabilities.
Data Involved
Based on the information that Dare County Schools has received from NCDPI and Instructure, personal data of current staff and students may have been accessed (but there is no indication that passwords, dates of birth, government identifiers, or financial information were involved in the breach).
Regular Updates
We are still in the early stages of this investigation and in the information-gathering process. While the breach is a result of Instructure’s systems, Dare County Schools Technology Department is engaged in ongoing communication with NCDPI and Instructure as they work to investigate how our school system might have been impacted. We are following all state incident reporting requirements and will share additional information as soon as that information is confirmed.
Next Steps
As with any security incident, users should remain alert for phishing attempts or suspicious communications. If it looks suspicious, do not open or download it. As Instructure mitigates this breach, we are being advised that users may experience Canvas outages. We are recommending that staff not depend on the availability of Canvas until Instructure has removed any potential threats and Dare County Schools received notification that the site is clear.
For the latest information from Instructure directly, please monitor https://status.instructure.com.
Dare County Schools takes the security of student and educator data with the utmost seriousness. We will keep you informed as this situation develops, and we will continue to leverage our state partners through this and any future incidents.
If you have questions, please contact our Dare County Schools Director of Technology, Holly King, at kingholly@daretolearn.org.
Thank you for your partnership and patience as we work through this together.