Massive data breach of education platform 'Canvas' impacts schools across Florida

A major cyberattack on the learning management platform Canvas by Instructure has compromised sensitive data for millions of students and teachers across Florida. The breach, claimed by hackers, exposed approximately 275 million records, including names, email addresses, student IDs, and private messages exchanged through the platform. Affected institutions in Tampa Bay and Central Florida include Hillsborough County Public Schools, Pinellas County Schools, the University of South Florida (USF), St. Petersburg College, and Embry-Riddle Aeronautical University. Hillsborough County Public Schools and USF temporarily disabled Canvas access as a security measure, though no Social Security numbers, passwords, or financial information were stolen. The hackers have threatened to release the stolen data unless a ransom is paid by next Tuesday. Instructure stated the breach has been contained, but concerns persist over the exposure of private communications between students, teachers, and parents. Hillsborough County Public Schools advised families not to access Canvas from personal devices and assured them no immediate threat exists, though the platform remains disabled at least through the weekend. USF acknowledged the disruption during final exams, noting alternative solutions are being explored, with final grades not due until May 12. The district’s IT security team continues monitoring the situation closely, prioritizing data protection. Central Florida institutions, including Orange, Seminole, Osceola, Brevard, and Marion county schools, confirmed their use of Canvas for teaching or administrative purposes. Embry-Riddle Aeronautical University also reported being affected, though details remain limited. The breach underscores growing cybersecurity risks in education, raising questions about data safeguards in widely used digital platforms.