What happened with Instructure and Canvas?

Reports indicate hackers breached Instructure’s Canvas platform twice and stole significant amounts of student data, prompting questions from U.S. House lawmakers.

Why are lawmakers involved?

Lawmakers want to understand how the intrusions happened, what data was affected, and whether Instructure responded appropriately to protect students and inform schools.

Why does this matter beyond one company?

Canvas is a widely used education platform, so the breaches highlight broader risks across education technology as schools rely on vendors to store and secure sensitive student information.

Lawmakers Press Instructure Over Canvas Data Breaches

Congress has turned up the heat on Instructure after hackers breached Canvas twice. The scrutiny now reaches beyond one company to the data security of schools and students.

Congress has zeroed in on Instructure after hackers reportedly breached its Canvas platform twice and took large amounts of student data.

U.S. House lawmakers want a clear account of how the education technology company suffered two intrusions, according to reports, and what safeguards failed along the way. The pressure reflects a broader fear in Washington and on campuses: schools now depend on software that holds deeply sensitive records, and attackers know it.

Lawmakers are not just asking what happened inside Canvas. They are asking whether the systems that schools trust with student data can withstand repeated attacks.

Canvas sits at the center of day-to-day academic life for many students and educators. When a platform that central stores personal and school-related information, a breach does more than create technical headaches. It shakes confidence across districts, colleges, and families that rely on those systems to function every day.

Key Facts

U.S. House lawmakers are demanding answers from Instructure.
Reports indicate hackers broke into Canvas twice.
Large volumes of student data were reportedly stolen.
The incident raises fresh concerns about security in education technology.

The questions facing Instructure now likely go beyond the mechanics of the hacks. Lawmakers will want to know when the company detected the breaches, how it notified affected users, and what it has changed since. They may also press for details on whether schools received enough information to assess the impact on their students and staff.

What happens next could shape more than one company’s response. If congressional scrutiny deepens, education software vendors across the market may face tougher demands on breach disclosure, security controls, and accountability. For schools already stretched thin, the stakes look immediate: the tools that keep classes running must also keep student data safe.

Lawmakers Press Instructure Over Canvas Data Breaches

Key Facts

Frequently Asked Questions