Orange County Public Schools student data safe after Canvas cyberattack, district says

Orange County Public Schools (OCPS) has clarified that its student data remained secure following the May cyberattack on the Canvas online learning platform. Instructure, the company behind Canvas, initially reported that hackers accessed names, email addresses, student IDs, and private messages from millions of users across the U.S., but confirmed OCPS was not affected. The breach involved unauthorized access to certain user data, though no passwords, Social Security numbers, birth dates, or financial information were compromised, according to Instructure. A hacking group called ShinyHunters claimed responsibility and demanded a ransom, setting a May 12 deadline before threatening to publish the stolen data. Instructure later struck a deal with the hackers to delete the compromised information. Canvas serves approximately 9,000 schools globally, including major universities like Harvard and Princeton. OCPS, which uses the platform, issued a statement reassuring families and employees that no district data was leaked. The company’s confirmation followed an initial warning about the breach’s scope, which affected users nationwide. The incident highlights ongoing cybersecurity risks in educational technology, particularly for widely used platforms like Canvas. OCPS urged patience and transparency amid the situation, emphasizing that no local data was exposed.