U .S. Senators Bill Cassidy, M.D. and Tommy Tuberville have urged answers after a cybersecurity incident hit Instructure’s Canvas LMS, potentially affecting the data of 275 million students, families and teachers worldwide. Canvas is described as the most popular learning management system in the United States, used by approximately 30 million individuals for course management, student communication and administrative tasks.
The incident disrupted finals and end-of-year activities, and compromised data fields reportedly including usernames, email addresses, course names, enrollment information and messages. According to the U.S. Senate Health, Education, Labor, and Pensions (HELP) Committee, the two attacks in 2025 and the ongoing incident raise questions about what information hostile actors accessed and what steps Instructure had in place prior to the breach.
The senators’ letter, dated 18 May 2026, asks a series of questions about security protocols, notification timelines and measures to support impacted students and institutions, among other issues. Instructure had previously stated that data fields involved included information such as usernames and emails, and the letter calls for more transparency and safeguards across the education technology sector.