NC to restore Canvas access to public schools after global data breach. Here’s when

AI-generated summary reviewed by our newsroom.

The state Department of Public Instruction will restore Canvas access to North Carolina public schools following the recent cyberattack and ransomware demand.

DPI shut off access on Thursday to the online learning management system used by students and teachers to access assignments and materials. On Monday, DPI said it will restore access to Canvas as of 4 p.m. But it will be up to individual school districts and charter schools whether to let their students and staff use Canvas.

“We encourage you to make local operational decisions based on your individual continuity needs and local circumstances,” State Superintendent Mo Green said in a message Monday to schools. “If you choose not to enable your public school unit’s (PSU) instance of Canvas, your technology director has been given instruction on how to proceed.”

It was not immediately clear how many schools will resume Canvas access. Wake County school system staff were meeting Monday afternoon to discuss whether to allow access. Chapel Hill-Carrboro Schools said it planned to resume access.

The criminal investigation into the global data breach is still ongoing with the FBI now joining the case. The hackers have given schools and the company that owns Canvas until Tuesday to respond to their ransom demand or risk having the data of users publicly released.

State law bars the payment of the ransomware demand for the North Carolina K-12 schools and institutions of higher education affected by the data breach.

Canvas is owned by Instructure, an education technology company. Canvas is part of North Carolina’s statewide learning management system for K-12 public schools. It’s also used by many colleges and universities, including Duke University and UNC-Chapel Hill.

Instructure was hacked by ShinyHunters, a criminal extortion group that’s also been linked to data breaches at three Ivy League institutions in late 2025. The group claimed its attack on Instructure affected nearly 9,000 schools worldwide and exposed personal identifying information for over 275 million students, teachers and staff, according to Inside Higher Ed.

Last week, Instructure notified schools about the April 29 data breach. Instructure says the data breach involved information like usernames, email addresses, course names, enrollment information and messages.

On Thursday, ShinyHunters posted a ransomware demand that appeared as a pop-up message when some students and teachers logged into Canvas.

Instructure said it had temporarily taken Canvas down on Thursday to “apply additional safeguards.” Instructure said Canvas is fully back online and is safe to use.

But DPI wasn’t as confident last week.

“Instructure has an ongoing breach from the threat actor, and it is not safe to use the system,” Green said in a message Thursday to schools.

But on Monday, Green said DPI has been informed by Instructure “that the Canvas environment throughout the nation and here in North Carolina has no ongoing signs of compromise.”

“As a result, NCDPI will return Canvas services to normal operations at 4 p.m. on Monday, May 11, 2026,” Green said.

The loss of Canvas access has forced teachers to take steps such as reschedule some exams and assignments. Teachers had to find alternative ways to provide instruction to students.

“We appreciate your patience, partnership and leadership throughout this incident response process,” Green said in his Monday update to schools. “We recognize the challenges this disruption created for PSUs, school leaders, educators, students and families across the state.”

Durham Public Schools told families that students will not be penalized for being unable to access Canvas while the platform remains unavailable.

Steve Daly, the CEO of Instructure, offered a public apology for the inconvenience and angst the data breach has caused.

“I’ll start where I should: with an apology,” Daly said in a letter posted on the company’s website. “Over the past few days, many of you dealt with real disruption. Stress on your teams. Missed moments in the classroom. Questions you couldn’t get answered. You deserved more consistent communication from us, and we didn’t deliver it. I’m sorry for that.”

This story was originally published May 11, 2026 at 3:17 PM with the headline “NC to restore Canvas access to public schools after global data breach. Here’s when.”