.
A digital illustration of two red glowing hands reaching through a computer monitor to type on a keyboard, with streams of binary code trailing from the wrists, symbolizing a cyberattack on an educational platform.

The online education platform Canvas was largely back online after a cyberattack left students and teachers at thousands of schools and universities scrambling. The attack raised urgent questions about data privacy, school cybersecurity, and student rights under FERPA.

Cyberattack on Canvas Platform Highlights Vulnerabilities and Risks for Schools

May 12, 2026

Cyberattack on Canvas Platform Highlights Vulnerabilities and Risks for Schools

You probably use Canvas every day — but did you know hackers just broke into it and may have stolen data from millions of students? Here's what happened, what it means for your privacy, and what schools need to do next.

Share

Share On Facebook
Share On Twitter
Share On Pinterest
Share On LinkedIn
Share On Microsoft Teams
Email
PBS News Hour Classroom
PBS News Hour Classroom
Follow

The online education platform Canvas is mostly back online Friday after a cyberattack left students and teachers at thousands of schools and universities scrambling. The attack has raised many questions about the vulnerability of schools, the dependence on such platforms and other risks. Ali Rogin speaks with threat intelligence analyst Luke Connolly about those concerns.

NOTE: If you are short on time, watch the video and complete this See, Think, Wonder activity: What did you notice? What did the story make you think about? What would you want to learn more about?

Discussion Questions

  1. What is Canvas?
  2. Who did the hack affect?
  3. When did the cyberattack occur?
  4. How many users does Canvas have? How many users do the hackers say were affected?
  5. Why do cybercriminals target software providers like Canvas, according to Luke Connolly?

Essential Questions

  • Do you think schools should rely on outside technology companies to keep personal information about students? What about to communicate with students? Why/why not? (i.e. private messaging between teachers and students, access to course materials, ability to manage grades, etc.)
  • Luke Connolly says a school district's budget is the main reason why schools have turned to outside service providers like Canvas as opposed to setting up the communication system in-house (inside the school district). Note: Public schools in America are primarily funded by local/state governments, which are mainly based on people's property taxes.
    • How did schools communicate with students before ed tech platforms like Canvas were invented? What were budgets like then? If you are not sure, how could you find out?
  • Media literacy: The News Hour interviewed a cybersecurity expert for this story. Who else would you like to see interviewed for this piece and why?

What Students Can Do

Why is your personal information or "data" of such value to entities ranging from companies like Google to hackers?

Take a moment to jot down a list of what information you think your school maintains about you. Share responses together as a class. If you are not sure of an item, invite your principal to speak with your class about privacy issues and answer your questions. Did any items surprise you? Why?

Personally identifiable information (PII) includes private information that may reveal your identity and potentially allow cybercriminals to steal your identity. The following items make up your PII, according to the Department of Defense:

  1. Social security number (SSN), passport number, driver's license number, taxpayer identification number, patient identification number, and financial account or credit card number
  2. Phone number and personal address
  3. Biometric records such as photographic image (especially of face or other distinguishing characteristic), x-rays, fingerprints, retina scan, voice signature, facial geometry

Dig deeper: What is FERPA? Learn about FERPA, or the Family Educational Rights and Privacy Act of 1974, the federal law that governs student data in both public and private schools. Take a look at this student privacy page from the Department of Education and watch the video. Note the year of the video. What do you think has changed since the video came out? Read the section "Does the Canvas Breach Trigger a FERPA Violation?" from the article Canvas Breach: What It Means for Schools & FERPA Compliance.

PII Confidentiality Impact Levels. Photo Credit: U.S. Army
PII Confidentiality Impact Levels. Photo Credit: U.S. Army

Subscribe to Our Newsletter

Want to see more stories like this one? Subscribe to the SML e-newsletter!

Sign Up Here.

Republished with permission from PBS News Hour Classroom.

PBS News Hour Classroom
PBS News Hour Classroom helps teachers and students identify the who, what, where and why-it-matters of the major national and international news stories. The site combines the best of News Hour's reliable, trustworthy news program with lesson plans developed specifically for... See More
Advertisement

Post a comment

Log in or sign up to post a comment.