Nationwide security incident involving Canvas

Update 5/8/26 at 3:55 p.m.

GBAPS is actively monitoring the Canvas incident. Currently Canvas is operational. Parents/guardians have been requested to change their Canvas passwords. Students, staff and families have all been asked to remain vigilant for phishing, scam, and impersonation messages that may appear following the recent Canvas incident.
 

Update May 7, 2026, 10:30 p.m.

The District was informed on Friday, May 1, 2026, that there was a nationwide data security incident involving Instructure, the parent company of Canvas, our learning management system (LMS) for grades 6-12, KJ Academy and Da Vinci. We are monitoring the situation closely. Here is what we know as of now:   

• Instructure has confirmed that an unauthorized third party accessed certain Canvas data. 
• GBAPS systems and network have not been compromised.  

Canvas went down for all organizations/institutions and then was available later in the evening.  According to Canvas, indications are that the information involved consists of certain identifying information of users at affected institutions, such as names, student-issued email addresses, and student ID numbers, as well as messages among users. At this time, Canvas has found no evidence that passwords, dates of birth, government identifiers, or financial information were involved. 

GBAPS is actively monitoring this situation closely and will provide updates as we learn more. Additional information from Instructure can also be found on their status site.  

While no action is needed in connection with the incident at this time, GBAPS families are urged to watch for phishing attempts and monitor school accounts for any unusual activity and are encouraged to follow best practices for digital security and safety. 
 

Update May 7, 2026

Instructure, the parent company of Canvas, has notified GBAPS that the district was impacted by a widespread data breach affecting thousands of institutions and school districts.

Instructure informed the District that there is no indication that passwords, dates of birth, government identifiers, or financial information were involved in this incident. It is unclear what GBAPS data was involved, and Instructure’s investigation is ongoing.

Canvas is fully operational, and Canvas users do not need to take any action in connection with this incident at this time. Instructure has informed the District that it has taken steps to secure the platform, including remediating the underlying vulnerability. Additionally, Instructure has engaged a third-party forensics firm for an investigation and notified law enforcement authorities.

The District is actively working with Instructure to learn more about the impact of the incident and will provide updates when additional information is available.

 

May 6, 2026

The Green Bay Area Public School District is aware of a nationwide security incident involving Canvas, the District's learning management system for grades 6-12. We are actively monitoring updates from Instructure and assessing any impact on our services.

This is a vendor-driven, nationwide event affecting multiple organizations/institutions.

At present, the Green Bay Area Public School District has not been notified of any direct impact to our school communities. Canvas remains available and operational to District secondary staff and students.
 

Updates from Instructure, the parent company of Canvas, are available on the Instructure status page. The District will continue to monitor the situation and will provide updates as we have new information.