Norman Public Schools: OU Canvas hacked in nationwide data breach ahead of finals week

Global Canvas Data Breach Impacts OU and Norman Public Schools

A hacker extortion group has targeted the widely used learning management system (LMS) Canvas in a worldwide data breach, affecting institutions including the University of Oklahoma (OU) and Norman Public Schools. The incident occurred just ahead of OU’s finals week, raising concerns about potential disruptions to academic operations.

The breach was attributed to a cybercriminal group seeking to exploit vulnerabilities in Canvas, a platform used by educational institutions for course management and student data. While specifics on the compromised data remain unclear, the attack highlights risks to sensitive information stored within the system.

OU, headquartered at 860 Van Vleet Oval (Copeland Hall) in Norman, Oklahoma, confirmed its involvement in the breach, though further details on the scope and response are pending. The timing of the attack coinciding with a critical academic period underscores the broader threat posed by cyber extortion campaigns targeting education sectors globally. No ransom demands or additional details about the attackers have been publicly disclosed.

Source: https://www.oudaily.com/multimedia/ou-canvas-hacked-in-nationwide-data-breach-ahead-of-finals-week/video_d18b687e-3ccd-45ee-9989-51019097a540.html

Norman Public Schools TPRM report: https://www.rankiteo.com/company/norman-public-schools

"id": "nor1778195824",
"linkid": "norman-public-schools",
"type": "Breach",
"date": "5/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'industry': 'Education',
                        'location': '860 Van Vleet Oval (Copeland Hall), '
                                    'Norman, Oklahoma',
                        'name': 'University of Oklahoma (OU)',
                        'type': 'Educational Institution'},
                       {'industry': 'Education',
                        'name': 'Norman Public Schools',
                        'type': 'Educational Institution'}],
 'data_breach': {'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Student data, course management '
                                             'data'},
 'description': 'A hacker extortion group has targeted the widely used '
                'learning management system (LMS) Canvas in a worldwide data '
                'breach, affecting institutions including the University of '
                'Oklahoma (OU) and Norman Public Schools. The incident '
                'occurred just ahead of OU’s finals week, raising concerns '
                'about potential disruptions to academic operations. The '
                'breach was attributed to a cybercriminal group seeking to '
                'exploit vulnerabilities in Canvas, a platform used by '
                'educational institutions for course management and student '
                'data. While specifics on the compromised data remain unclear, '
                'the attack highlights risks to sensitive information stored '
                'within the system.',
 'impact': {'data_compromised': 'Sensitive information stored within the '
                                'system',
            'operational_impact': 'Potential disruptions to academic '
                                  'operations',
            'systems_affected': 'Canvas LMS'},
 'motivation': 'Extortion',
 'threat_actor': 'Hacker extortion group',
 'title': 'Global Canvas Data Breach Impacts OU and Norman Public Schools',
 'type': 'Data Breach'}