May 11, 2026
Dear Students, Parents, and Staff Members,
We want to inform you about a recent cybersecurity incident involving Canvas, an online learning management system used by many colleges and universities.
Our schools do not use Canvas as a primary system. However, some of our students and teachers access Canvas through partner colleges and universities (such as Indiana University, Ivy Tech, and other higher education programs). Because of this, members of our school community may be indirectly affected.
WHAT HAPPENED?
The company that runs Canvas, Instructure, reported that a cybercrime group known as ShinyHunters gained unauthorized access to certain data. Public reports indicate that information such as names, email addresses, student ID numbers, and some course-related messages have been exposed.
WHAT DOES THIS MEAN FOR OUR SPARTANS?
Since Canvas is used externally (through colleges), any potential impact would be limited to:
Students currently enrolled and graduates previously enrolled in dual-credit or college-level courses
Teachers associated with students enrolled in dual-credit or college-level courses
Teachers engaged in graduate or continuing education programs
If you do not use Canvas through a college or university, this incident does not apply to you.
WHAT IS THE RISK?
Phishing attempts are the largest risk! The primary concern is that attackers may use exposed contact information to send fake emails or messages that look like they come from a trusted source (such as our schools, a college, Canvas, or Instructure).
WHAT ARE THE RECOMMENDED ACTIONS?
If you use Canvas through a college or university, please take the following steps:
Be cautious with emails and messages related to Canvas or your college courses
Do not click links or download attachments from unknown or unexpected sources
Never share your password or login codes
Change your password if it is reused on other sites
Report suspicious messages to your college’s IT department or the district’s technology department
WHAT ARE THE NEXT STEPS FOR FCSC?
We are actively monitoring updates from Instructure, Indiana Department of Education, and higher education partners. At this time:
Our internal school systems are not affected
No action is required for students or staff who do not use Canvas externally
We will continue to provide updates if the risk changes
As a final reminder, neither our school nor any legitimate institution will ask you to send passwords or sensitive information by email or message. Treat any such request as suspicious.
With regards,
Jeremy Duncan
Superintendent, Fayette County School Corporation