Port Byron Central School District is notifying families after a cybersecurity breach involving Canvas, the online learning management system used by schools worldwide, potentially exposed student information.
District officials said the breach was tied to Instructure, the company that operates Canvas, which confirmed May 1 that a “criminal threat actor” gained unauthorized access to portions of its systems.
According to a notice sent to parents Thursday by Director of Technology and Data Privacy Officer Wenwei Hsu, the incident affected “thousands of educational institutions globally,” including Port Byron Central School District.
Officials said information potentially accessed during the breach may include student and parent names, email addresses, student ID numbers and internal Canvas messages exchanged between students and teachers.
The district said there is currently no evidence that passwords or dates of birth were compromised.
Instructure reportedly told schools the incident has been contained after the company revoked unauthorized access, patched vulnerabilities and rotated security keys connected to other school applications.
District officials are advising families to remain alert for phishing attempts or fraudulent emails that could use leaked names and email addresses to impersonate school communications or Canvas-related messages.
Parents and students were also encouraged to update passwords as a precaution, though officials emphasized password data was not believed to have been accessed.
The notification comes amid a broader wave of cyberattacks targeting educational institutions and third-party technology vendors that store student information.
Port Byron officials said the district will continue monitoring updates from Instructure’s ongoing forensic investigation and provide additional information if needed.
FingerLakes1.com is the region’s leading all-digital news publication. The company was founded in 1998 and has been keeping residents informed for more than two decades. Have a lead? Send it to [email protected].