Chairman Cassidy, Tuberville Seek Answers on Canvas Cybersecurity Incident, Calls for More Safeguards to Protect Students

U.S. senators raised urgent concerns about a major cybersecurity incident at Instructure’s Canvas LMS that reportedly disrupted service and led to unauthorized disclosure of usernames, email addresses, course names, enrollment information and messages — potentially affecting roughly 275 million people and over 8,000 educational institutions. The letter requests transparency about the timeline, notified agencies, protections in place, remediation taken after a prior 2025 incident, the terms of an alleged agreement with the unauthorized actor, and steps to notify and assist impacted students and schools.