Instructure and Charlotte-Mecklenburg Schools: CMS announces data breach involving its online class assignment portal

Charlotte-Mecklenburg Schools Reports Data Breach Affecting Canvas Portal

Charlotte-Mecklenburg Schools (CMS) in North Carolina has disclosed a data breach involving Canvas, a third-party online learning platform used by teachers to post assignments. The district confirmed that the incident may have exposed some personal information but emphasized that CMS’s internal systems remained unaffected.

The breach was identified and contained by Instructure, the company behind Canvas, which stated that the portal remains fully operational. While details on the scope of the exposed data have not been fully disclosed, CMS is investigating the incident to determine the extent of the impact on students and staff.

The breach highlights ongoing risks associated with third-party educational platforms, particularly as schools increasingly rely on digital tools for remote and hybrid learning. Further updates are expected as the investigation progresses.

Source: https://www.wccbcharlotte.com/2026/05/06/cms-announces-data-breach-involving-its-online-class-assignment-portal/

Instructure TPRM report: https://www.rankiteo.com/company/instructure-inc-

Charlotte-Mecklenburg Schools TPRM report: https://www.rankiteo.com/company/cms-boe

"id": "cmsins1778128596",
"linkid": "cms-boe, instructure-inc-",
"type": "Breach",
"date": "5/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': 'Students and staff',
                        'industry': 'Education',
                        'location': 'North Carolina, USA',
                        'name': 'Charlotte-Mecklenburg Schools (CMS)',
                        'type': 'Educational Institution'},
                       {'industry': 'EdTech',
                        'name': 'Instructure (Canvas)',
                        'type': 'Third-party Service Provider'}],
 'data_breach': {'type_of_data_compromised': 'Personal information'},
 'description': 'Charlotte-Mecklenburg Schools (CMS) in North Carolina has '
                'disclosed a data breach involving Canvas, a third-party '
                'online learning platform used by teachers to post '
                'assignments. The district confirmed that the incident may '
                'have exposed some personal information but emphasized that '
                'CMS’s internal systems remained unaffected. The breach was '
                'identified and contained by Instructure, the company behind '
                'Canvas, which stated that the portal remains fully '
                'operational.',
 'impact': {'data_compromised': 'Personal information',
            'systems_affected': 'Canvas portal (third-party platform)'},
 'investigation_status': 'Ongoing',
 'references': [{'source': 'Cyber Incident Description'}],
 'response': {'containment_measures': 'Breach contained by Instructure'},
 'title': 'Charlotte-Mecklenburg Schools Reports Data Breach Affecting Canvas '
          'Portal',
 'type': 'Data Breach'}