May 8, 2026
Urgent Cybersecurity Update: Suspension of Canvas Services
Dear Carteret County Public Schools Families and Staff,
Following our previous communications regarding the national cybersecurity incident involving Instructure, the parent company of Canvas, we have received critical new information that requires immediate action.
We have now received direct verification via email from Instructure’s CEO that Carteret County Public Schools was among the institutions impacted by this breach. On May 7, 2026, an unauthorized actor gained access to the system and made unauthorized changes to pages visible to logged-in students and teachers.
Immediate Suspension of Access
In coordination with guidance provided by the North Carolina Department of Public Instruction (NCDPI) for all schools across the state, and out of an abundance of caution, Carteret County Public Schools has restricted all access to Canvas and removed all connectors to student data until further notice.
Students, staff, and parents should not attempt to access Canvas by any means. This includes:
Logging into Canvas via web browsers on any device.
Using the Canvas mobile app on any personal phone.
Attempting to access off-campus Canvas courses, including those through NCVPS.
Current Investigation
Instructure has reported that the breach occurred through an exploit of "Free-For-Teacher" accounts. While their initial forensic review suggests that no account credentials (passwords) were obtained and no additional data was exfiltrated, we believe it is in the best interest of our students’ and staff's privacy to completely sever our connection to the platform until the situation is fully resolved.
Commitment to Instruction
While this temporary suspension of Canvas changes how we access digital materials, our teachers and instructional leaders are working to ensure quality learning continues even apart from the learning management system. Providing a high-quality education remains our focus—as it always has been and always will be in Carteret County Public Schools.
Next Steps
Our technology team is working alongside state cybersecurity experts to evaluate the situation. We will remain in maintenance mode and keep all data connectors disabled until we receive verification from the NCDPI Cybersecurity Team that it is safe to resume use of the platform.
We appreciate your patience and partnership as we prioritize the protection of our district's data. Further updates regarding the restoration of services will be shared as soon as they become available.
May 7, 2026
Carteret County Public Schools (CCPS) is committed to transparency and proactive communication regarding the security of our student and staff data. We are currently monitoring two separate security-related matters and want to provide you with the most current information available.
1. Instructure (Canvas) Cybersecurity Incident
We have been made aware of a cybersecurity incident involving Instructure, the parent company of Canvas, the learning management system used by North Carolina Public Schools. CCPS uses Canvas only in grades 9-12 for high school students.
At this time, CCPS has no confirmation that any district-specific data has been compromised.
Our technology team has already issued a formal ticket to Instructure requesting confirmation of our status. Instructure has informed us that they are still investigating the incident and expect to provide more detailed data soon. According to the NC State Superintendent, Instructure’s preliminary findings suggest that compromised data nationally may include names, but there is currently no evidence that passwords, dates of birth, or financial information were involved.
For more information directly from Instructure (Canvas) and North Carolina’s Department of Public Instruction (NCDPI) on this matter, please use the following links:
NCDPI’s communication (May 6, 2026)
Canvas/Instructure's communication
2. Alert: ACT and Testing-Related Scams
In a similar but unrelated matter, we have received reports of a growing "social engineering" campaign targeting parents. Individuals posing as representatives from The ACT, WIDA/ACCESS, or affiliated test-prep companies are contacting families via phone, email, and SMS to request payments for test-related items or prep services.
Please be advised of the following:
No Payments Required: Under no circumstances will the NC Department of Public Instruction (NCDPI) or CCPS ask for payment over the phone or via email for these state-mandated tests.
Third-Party Sales: The ACT does not use telephone or email campaigns to sell third-party test prep resources.
Information Used: These scammers may already know a student’s name, address, or grade level to make the call seem legitimate.
Common Signs of a Scam:
A high sense of urgency or pressure to pay immediately.
Unexpected requests for credit card or banking information.
Suspicious links or attachments in follow-up emails.
This is a newly-developing situation, and as we receive more information directly from North Carolina’s Department of Public Instruction (NCDPI) on this matter, we will post links here.
Moving Forward
We take the security of our students and educators with the utmost seriousness. We are working closely with the NCDPI K-12 Cybersecurity Team to monitor both of these situations.
What you can do:
Stay Vigilant: If a communication regarding Canvas or testing "feels off," it likely is.
Verify: If you receive a suspicious call or email regarding testing, please contact the test coordinator at your school to verify its legitimacy before taking any action.
We will continue to provide updates as more information becomes available. Thank you for your continued partnership in keeping our school community safe.