Tyrrell County Schools Families,
This communication is to inform you of a cybersecurity incident impacting Instructure, the parent company of Canvas, a learning management system used in some of Tyrrell County schools.
On Thursday (May 7th), users logging into Canvas saw a message from the threat actor responsible for compromising Instructure. The message appeared to Canvas users nationwide, including those affiliated with the North Carolina Department of Public Instruction (NCDPI), North Carolina Virtual Public School (NCVPS) and several North Carolina public school units.
NCDPI is working with Instructure to determine what information may have been accessible within Canvas. Data could include: Username, UID Identification number, first name, last name, email address. The following data sets may have been enabled by some schools: phone number (if enabled by school), IP address, assessment results, messages and submitted assignments.
NCDPI has taken the mitigation steps that we can take for our schools. Out of an abundance of caution and to help protect North Carolina schools and data, access to Canvas through NCEdCloud was temporarily disabled for all North Carolina students and staff. At this time, Instructure and NCDPI have completed their investigation and NCDPI has re-enable Canvas through NcEdCloud.
Tyrrell County Schools takes the security of student and educator data seriously. We will continue working along NCDPI to coordinate with partners to monitor the situation and assess any potential impact.
For a timeline of events, as well as the latest updates from Instructure, visit the company’s incident status page at https://status.instructure.com.
Thank you for your support as we work to keep our student and educator data secure.