Community Letter Sent out to Families 5.7.26:
This only applies to students and staff at DeKalb High School.
Notification of Canvas Learning Management System data breach
District 428 has been informed by Instructure Canvas of a recent data breach within their Canvas Learning Management System. The data breach allowed unauthorized access to certain information stored within their systems. A third party has claimed responsibility for accessing a database containing student and staff records.
According to the investigation, the data potentially accessed includes:
- Full names and email addresses
- Course enrollment information
- Canvas messages between users
Our school district takes data security and the safety and privacy of our students very seriously. Our Technology Department is in direct communication with Canvas to determine the full extent of the impact on District 428. Canvas will follow up with information and resources to support anyone impacted. That information will be shared when it is received.
District 428 Data Security Measures
Data safety and security are a constant top priority, and we have several robust measures in place to safeguard our systems:
- Two-Factor Authentication: For key systems, staff must verify their identity with a second factor, such as a security key or text message authentication, in addition to their password.
- Processes and procedures for systems that control where key information is stored.
- Access security best practices and internal controls that restrict who has rights to view, add/delete, or edit information.
- Disabled remote technical support access to mitigate risks from third-party systems.
We understand this news is concerning. We will continue to provide updates as more information becomes available from Canvas.
Based on information from Instructure, the parent company of Canvas LMS the breach occurred “On April 25, 2026, Instructure experienced a cybersecurity incident perpetrated by a criminal threat actor. We detected the attacker on April 29 and immediately revoked the access. On April 30, as the investigation expanded, we revoked additional suspicious access and addressed the underlying vulnerability. We have found no indicators of an ongoing threat.”
According to the investigation, the data potentially accessed includes:
- Student and Staff full names and District email addresses
- Course enrollment information
- Canvas messages between users
To Contact Instructure:
Salt Lake City, Utah
Instructure, Inc.
6330 South 3000 East
Suite 700
Salt Lake City, UT 84121
Phone:
1.801.869.5000
Fax:
1.888.213.3894
Students and staff affected by this breach can reach out to the agencies listed below.
National Consumer Reporting Agencies
You can contact these agencies to request credit reports, set up fraud alerts, or initiate security freezes.
Equifax
Toll-Free: (800) 685-1111
Website: equifax.com
Address: P.O. Box 740241, Atlanta, GA 30374
Experian
Toll-Free: (888) 397-3742
Website: experian.com
Address: P.O. Box 4500, Allen, TX 75013
TransUnion
Toll-Free: (800) 916-8800
Website: transunion.com
Address: P.O. Box 2000, Chester, PA 19016
Federal Trade Commission (FTC)
The FTC provides resources for identity theft prevention and consumer rights.
Toll-Free: (877) FTC-HELP (877-382-4357)
Website: ftc.gov
Address: 600 Pennsylvania Avenue, NW, Washington, DC 20580
Identity Protection Information
Please be aware that parents and legal guardians may obtain detailed information from the Federal Trade Commission and the consumer reporting agencies listed above regarding fraud alerts and security freezes. These tools are essential for protecting against unauthorized credit activity.
Printable Version