Skip Navigation
Office Directory
Information Technology
Instructure / Canvas Global Security Incident

Instructure / Canvas Global Security Incident

We are sharing an update regarding a recent security issue at Instructure, the company that provides Canvas, our learning management system.

What Happened?

Between late April and early May 2026, Instructure identified unauthorized activity on the Canvas platform.  This incident affected 275 million users across numerous educational institutions, including Prince George’s County Public Schools.

As a precaution, Instructure temporarily took Canvas offline to apply security patches and reset system-wide safeguards.

What Information Was Impacted?

According to Instructure’s independent investigation:

  • What may have been accessed: Names, email addresses, student IDs and messages sent within the Canvas Inbox.
  • What was NOT accessed: Passwords, financial information, dates of birth, and Social Security numbers.

Our internal systems remain secure. This issue was limited specifically to the Canvas environment. PGCPS does not store sensitive information in Canvas.

What Should I Do?

You do not need to take any technical action at this time, but we recommend these safety steps:

  1. Watch for "Phishing" Emails: Be cautious of emails asking for your login info or claiming your account is "locked." We will never ask for your password via email.
  2. Verify Links: Only log in to Canvas through Clever or using our direct link: http://pgcps.instructure.com/.
  3. Report Issues: If you notice anything unusual in your Canvas account, please contact the Service Desk immediately.
  4. Official Information Only: Do not rely on third-party lists or social media posts naming potentially affected organizations as those lists aren't verified. Do not follow suspicious links or download files about the incident - this could put you at risk. For official updates, you may visit: https://www.instructure.com/incident_update

How does PGCPS protect my data?

To ensure a safe digital learning environment, we maintain a robust, multi-layered security framework designed to protect your family's information at every level:

  • Enhanced Access Security: By utilizing Single Sign-On (SSO), we ensure your login credentials remain safeguarded within our own protected, centralized infrastructure. In the case of Canvas, SSO, for example, prevents third party applications from storing PGCPS credentials. This is an important safety feature.
  • Legal Compliance: We strictly follow federal privacy laws like FERPA, COPPA and Maryland Code of Education 4-131 to ensure your student's data is handled with the highest security standards.
  • App Vetting: As part of the approval process, digital tools are subject to a comprehensive security audit and privacy review, and hold third-party providers that manage sensitive information to rigorous security requirements.
  • Advanced Technical Safeguards: Our network is protected by enterprise-grade security tools that continuously monitor for and obstruct unauthorized traffic to neutralize potential cyber threats. Additionally, our CIPA-compliant, policy-driven web content filters protect our students and staff from accessing inappropriate and malicious websites.
  • Strategic Data Minimization: To enhance privacy, we only provide approved third-party partners with the specific data points essential for their tools to function correctly.