CMS student, staff data affected by nationwide breach, district says

Hackers breached a student data platform used by Charlotte-Mecklenburg Schools, district officials told employees Wednesday.

Canvas is an online learning management system where students access assignments and materials. It’s owned by an education technology company called Instructure. It’s widely used by school districts around the country and roughly 41% of colleges and universities in North America.

Over the weekend, Instructure was hacked by ShinyHunters, a criminal extortion group that’s also been linked to data breaches at three Ivy League institutions in late 2025. The group claimed its attack on Instructure affected nearly 9,000 schools worldwide and exposed personal identifying information for over 275 million students, teachers and staff, according to Inside Higher Ed.

“Recently, Instructure notified Technology Services of a cybersecurity incident affecting its systems,” CMS told employees Wednesday in an email obtained by The Charlotte Observer through a records request. “Instructure identified, contained, and remediated the vulnerability shortly thereafter. Canvas remains fully operational.”

The district took steps to review and secure its systems with guidance from the North Carolina Department of Public Instruction, the message stated.

“The data involved may include some personal information,” CMS warned. “Instructure has found ‘no indication that passwords, dates of birth, government identifiers or financial information were involved.’”

The district advised employees not to click on suspicious links and to report any unusual activity.

CMS has around 19,000 employees and 140,000 students.

This story was originally published May 6, 2026 at 3:30 PM.