Potential Class Action Investigation · Students, Parents, Teachers, and Staff

Canvas Data Breach Investigation

Hall Attorneys, P.C. is investigating the May 2026 cybersecurity incident involving Canvas LMS, the learning-management platform used by schools, universities, teachers, students, parents, and staff across the United States and worldwide.

Instructure, the company behind Canvas, has confirmed that it experienced a cybersecurity incident involving a criminal threat actor. According to Instructure, information potentially involved includes names, email addresses, student ID numbers, and messages among users. Instructure has stated that, at this stage, it has found no evidence that passwords, dates of birth, government identifiers, or financial information were involved.

Submit Your Information Contact Hall Attorneys

Last reviewed May 6, 2026

Quick take

Canvas is one of the most widely used learning-management systems in education.
The reported Canvas breach may involve student, teacher, and staff data, including names, email addresses, student ID numbers, and messages exchanged inside Canvas.
The private-message component makes this incident different from an ordinary email-address breach.
Hall Attorneys is investigating potential class-action claims for students, parents, teachers, staff, and other Canvas users.

We are interested in speaking with

Parents or guardians of K-12 students
Students whose Canvas messages involved sensitive topics
Teachers or staff whose communications with students may have been exposed
Anyone who received a notice from a school, district, university, or Instructure
Anyone who has experienced suspicious emails, password-reset attempts, impersonation, or phishing after the incident

What happened in the Canvas breach?

Instructure disclosed a cybersecurity incident in early May 2026. The company stated that it was investigating the incident with outside forensic experts and had taken steps to contain the event, including revoking privileged credentials and access tokens associated with affected systems, deploying security patches, rotating certain keys, and increasing monitoring across its platforms.

The incident has been publicly associated with Canvas, Instructure's learning-management platform. Canvas is used by schools and universities to manage coursework, assignments, grades, and communications between students, teachers, and staff.

Public reporting states that the hacking group ShinyHunters claimed responsibility for the attack and claimed that the breach affected thousands of educational institutions and hundreds of millions of people. Those numbers have not been confirmed by Instructure, and Hall Attorneys is continuing to investigate the scope of the Canvas incident.

What information may have been exposed?

According to Instructure and notices from affected institutions, information potentially involved may include the categories below.

Names

Student, teacher, staff, or user names may have been exposed.

Email addresses

School, personal, or institutional email addresses may have been exposed.

Student ID numbers

Student identifiers may have been involved. Student IDs can be used in school systems, campus services, institutional communications, and account-recovery workflows.

Canvas messages and user communications

Messages exchanged within Canvas may have been involved. This is one of the most serious aspects of the incident because Canvas messages may contain private educational communications between students, teachers, faculty, counselors, school staff, and classmates.

Instructure has stated that, as of its current investigation, it has found no evidence that passwords, dates of birth, government identifiers, or financial information were involved. That assessment may change as the investigation continues.

Why the Canvas message breach matters

Many data breaches involve only names and emails. This incident may be different.

Canvas is not merely a homework website. For many schools, it is a core educational platform used for assignments, grades, course materials, class communications, extensions, teacher feedback, student concerns, and private messages.

The exposure of private educational communications can create risks beyond ordinary identity theft, including phishing, impersonation, embarrassment, harassment, extortion, reputational harm, and loss of privacy.

Was your school affected?

Instructure serves thousands of educational institutions. Public reporting says the threat actor claimed that thousands of schools, universities, districts, and educational platforms were affected. Instructure has not publicly confirmed a complete list of affected institutions.

You may be affected if your school, district, college, or university uses Canvas; you received a notice about a Canvas security incident; your child used Canvas for schoolwork or messages; you are a teacher, professor, administrator, staff member, or former student with a Canvas account; or your Canvas account contained messages, student records, course communications, or identifying information.

Even if your school has not yet confirmed impact, you should preserve any notice, email, screenshot, or communication about the incident.

What should students, parents, teachers, and staff do now?

Step 1

Preserve all notices

Save any email, letter, school announcement, district alert, university notice, Canvas notice, or Instructure communication about the incident. Do not delete emails, even if they appear routine.

Step 2

Take screenshots

Screenshot any Canvas, school, district, or university alert page that mentions the incident. Include the date and the URL if possible.

Step 3

Do not paste sensitive Canvas messages into ordinary web forms

If your Canvas messages involved sensitive topics, preserve them, but do not paste highly private student-teacher messages into a public or unsecured form. Hall Attorneys can follow up if more detail is needed through an appropriate channel.

Step 4

Watch for phishing and impersonation

Be cautious of unexpected emails, texts, calls, or login prompts claiming to come from Canvas, Instructure, your school, your district, or a university IT office. Do not click unexpected links. Access Canvas and school portals directly through official school websites.

Step 5

Document suspicious activity

Keep a timeline of suspicious emails, password-reset attempts, impersonation attempts, account lockouts, or unusual messages that appear after the breach.

Step 6

Contact Hall Attorneys

Hall Attorneys is evaluating whether affected students, parents, teachers, staff, and other Canvas users may have claims.

Who should contact Hall Attorneys?

Parents and guardians

You may contact us if your child used Canvas, especially if your child's Canvas messages involved private, sensitive, disciplinary, disability, counseling, bullying, harassment, health, or family-related issues.

K-12 students

If you are a student, ask a parent or guardian to contact us. Do not send sensitive messages or documents without a parent or guardian.

College and university students

You may contact us if you used Canvas and received notice that your institution was affected, or if your Canvas messages involved sensitive academic, personal, disciplinary, health, disability, financial-aid, or harassment-related issues.

Teachers, faculty, and staff

You may contact us if your communications with students, parents, teachers, administrators, or colleagues may have been exposed.

Former students or former employees

You may still be affected if your old Canvas account or archived messages remained in Instructure's systems.

What Hall Attorneys is investigating

How the Canvas incident occurred
Whether Canvas messages and educational communications were accessed or taken
Whether affected users were notified promptly and accurately
Whether reasonable security safeguards were used for student and teacher data
Whether API keys, access tokens, privileged credentials, or integrations contributed to the incident
Whether minors' educational records or private communications were exposed
Whether users have experienced phishing, impersonation, or other misuse
Whether affected students, parents, teachers, and staff may be entitled to compensation or other relief

Helpful intake information

Please do not paste sensitive Canvas message content into an ordinary email or form. A general description is enough for now.

Whether you are a parent or guardian, K-12 student, college or university student, teacher, professor, staff member, administrator, former student, or former employee
Your school, district, college, or university name and location
Whether the institution used Canvas
Whether you received a Canvas, school, district, university, or Instructure notice, and the date received
Whether the notice mentioned names, email addresses, student IDs, Canvas messages, phone numbers, enrollment data, course information, or other data
Whether Canvas messages involved sensitive topics, described generally without pasting message content
Whether you noticed phishing emails, password resets, account lockouts, impersonation, scam calls or texts, or school-themed suspicious emails after the incident

Why choose Hall Attorneys?

Hall Attorneys handles complex litigation and data-breach matters involving sensitive personal information, privacy failures, and high-stakes technology systems.

We move quickly, preserve evidence, and focus on the facts that matter: what information was exposed, why it was stored, how the incident happened, what warnings were missed, how victims were notified, and what harms followed.

This investigation is not about a routine account issue. It concerns educational privacy, student communications, and the security of a platform that many students and teachers were required to use.

Contact Hall Attorneys

If you received a Canvas, Instructure, school-district, college, or university notice about this incident, or if your child used Canvas, contact Hall Attorneys.

You can also review Nicholas Hall's background or reach the firm through the contact page.

Nicholas Hall Data Breach Work

Frequently asked questions

What is the Canvas data breach?

The Canvas data breach is a cybersecurity incident disclosed by Instructure in May 2026. Instructure stated that certain user information at affected institutions may have been involved, including names, email addresses, student ID numbers, and messages among users.

Was Canvas hacked?

Instructure has confirmed a cybersecurity incident involving a criminal threat actor. Public reporting has connected the incident to Canvas, Instructure's learning-management platform. Instructure stated that it has contained the incident and is communicating directly with impacted customers.

What data was exposed in the Canvas breach?

According to Instructure, information potentially involved includes names, email addresses, student ID numbers, and messages among users. Instructure has stated that it has found no current evidence that passwords, dates of birth, government identifiers, or financial information were involved.

Were Canvas messages exposed?

Instructure has stated that messages among users may have been involved. This is important because Canvas messages can include private communications between students, teachers, faculty, staff, counselors, administrators, and classmates.

Was my child's Canvas information exposed?

Your child may be affected if their school or district uses Canvas and received notice from Instructure about the incident. Parents should preserve school notices, Canvas alerts, screenshots, and any related communications.

Should parents be concerned about Canvas messages?

Yes. Even if Social Security numbers or financial information were not involved, Canvas messages may contain private student-teacher communications, academic concerns, discipline issues, disability accommodations, counseling-related topics, bullying reports, harassment issues, or other sensitive information.

Did the breach involve passwords?

Instructure has stated that it has found no current evidence that passwords were involved. However, users should still watch for phishing emails and should avoid clicking unexpected links that claim to be from Canvas, Instructure, or school IT departments.

Did the breach involve Social Security numbers?

Instructure has stated that it has found no current evidence that government identifiers were involved. If that changes, affected institutions should provide additional notice.

Who is ShinyHunters?

ShinyHunters is a hacking and extortion group that public reporting has associated with the Canvas incident. The group reportedly claimed responsibility and alleged that the breach affected thousands of schools and hundreds of millions of people. Those numbers have not been confirmed by Instructure.

What should I do if I received a Canvas breach notice?

Preserve the notice, save related emails, take screenshots of any school or Canvas announcements, watch for phishing, and document suspicious activity. You may also contact Hall Attorneys to discuss whether you or your child may have a claim.

Can students file a class action over the Canvas data breach?

Students, parents, teachers, staff, and other affected users may have potential claims depending on what information was exposed, whether private messages were involved, what notice was provided, and what harms occurred. Hall Attorneys is investigating potential class-action claims.

Should I send Hall Attorneys my Canvas messages?

Do not paste highly sensitive Canvas messages into an ordinary web form. You may tell us generally whether your messages involved sensitive topics, such as accommodations, discipline, counseling, bullying, harassment, health, family issues, or academic records. If more detail is needed, Hall Attorneys can follow up.

Is Hall Attorneys affiliated with Canvas or Instructure?

No. Hall Attorneys is not affiliated with Canvas, Instructure, or any school, district, college, or university. Hall Attorneys is investigating potential legal claims on behalf of affected users.

Sources and updates

Instructure status page for May 2026 security-incident updates about Canvas and other Instructure platforms.
TechCrunch reporting on ShinyHunters claims, sample data, and unconfirmed scale allegations.
UT Austin Canvas vendor security notice describing the incident as a vendor-level event that may impact multiple institutions.
UC Berkeley Canvas/bCourses notice identifying names, emails, student ID numbers, and Canvas/bCourses messages as potentially involved.

Attorney Advertising

The information you provide will be used to evaluate your potential claim. Sending information does not create an attorney-client relationship. Do not send highly confidential information unless we specifically request it through a secure channel. This page is not affiliated with Canvas, Instructure, or any school, district, college, or university.