Cyberattack Disrupts Canvas Learning Platform for McHenry County Schools
A cyberattack this week targeted Canvas, an online learning management system used by multiple McHenry County, Illinois school districts and McHenry County College, causing temporary outages and exposing student and staff data.
Woodstock School District 200 confirmed that Instructure, Inc., Canvas’s parent company, notified them of a data breach allowing unauthorized access to certain system information. The exposed data may have included student names, email addresses, student ID numbers, and Canvas messages, though passwords, dates of birth, government identifiers, and financial details were reportedly not compromised. The district’s security measures including two-factor authentication, restricted external email access, and automated access controls remain in place, with ongoing consultations with cybersecurity experts to strengthen defenses.
Community High School District 155 also reported that Instructure detected a cybersecurity incident in late April, with unauthorized access leading to the potential exposure of similar data. Like District 200, District 155 stated there was no evidence of misuse and that the vulnerability had been addressed. Both districts advised monitoring for suspicious communications while assuring families that student and staff data security remains a priority.
McHenry County College did not respond to requests for comment. Meanwhile, several other local districts including McHenry 156, Crystal Lake 47, Harvard 50, Marengo 154, Marengo-Union 165, and Huntley 158 confirmed they do not use Canvas. Johnsburg School District 12 acknowledged a teacher had previously used the free version but stated it had not been active in the past six months and was not affected by the breach.
The incident highlights the growing cybersecurity risks facing educational institutions reliant on digital learning platforms.
McHenry County College TPRM report: https://www.rankiteo.com/company/mchenry-county-college
Instructure, Inc. TPRM report: https://www.rankiteo.com/company/instructure-inc-
Woodstock School District 200 TPRM report: https://www.rankiteo.com/company/woodstock-community-unit-school-district-200
"id": "insmchwoo1778308017",
"linkid": "instructure-inc-, mchenry-county-college, woodstock-community-unit-school-district-200",
"type": "Breach",
"date": "5/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Students and staff',
'industry': 'Education',
'location': 'McHenry County, Illinois, USA',
'name': 'Woodstock School District 200',
'type': 'School District'},
{'customers_affected': 'Students and staff',
'industry': 'Education',
'location': 'McHenry County, Illinois, USA',
'name': 'Community High School District 155',
'type': 'School District'},
{'industry': 'Education',
'location': 'McHenry County, Illinois, USA',
'name': 'McHenry County College',
'type': 'College'}],
'customer_advisories': 'Assurance that student and staff data security '
'remains a priority',
'data_breach': {'personally_identifiable_information': 'Student names, email '
'addresses, student ID '
'numbers',
'sensitivity_of_data': 'Moderate (names, email addresses, '
'student ID numbers, Canvas messages)',
'type_of_data_compromised': 'Student and staff data'},
'date_detected': '2024-04-29',
'description': 'A cyberattack this week targeted Canvas, an online learning '
'management system used by multiple McHenry County, Illinois '
'school districts and McHenry County College, causing '
'temporary outages and exposing student and staff data.',
'impact': {'brand_reputation_impact': 'Potential impact on trust in digital '
'learning platforms',
'data_compromised': 'Student names, email addresses, student ID '
'numbers, Canvas messages',
'downtime': 'Temporary outages',
'identity_theft_risk': 'Potential risk due to exposed student data',
'operational_impact': 'Disruption to online learning platforms',
'payment_information_risk': 'None (financial details not '
'compromised)',
'systems_affected': 'Canvas Learning Management System'},
'investigation_status': 'Ongoing',
'lessons_learned': 'Growing cybersecurity risks facing educational '
'institutions reliant on digital learning platforms',
'post_incident_analysis': {'corrective_actions': 'Strengthening defenses, '
'consultations with '
'cybersecurity experts'},
'references': [{'source': 'Incident Description'}],
'response': {'communication_strategy': 'Advisories to monitor for suspicious '
'communications',
'containment_measures': 'Vulnerability addressed',
'remediation_measures': 'Ongoing efforts to strengthen defenses',
'third_party_assistance': 'Consultations with cybersecurity '
'experts'},
'stakeholder_advisories': 'Advisories to monitor for suspicious '
'communications',
'title': 'Cyberattack Disrupts Canvas Learning Platform for McHenry County '
'Schools',
'type': 'Data Breach'}