
Hamilton Southeastern Schools is notifying families and staff that some limited user information may have been accessed during a cybersecurity incident involving the Canvas online learning platform used by school districts and universities across the country.
In a message sent to HSE families and staff Friday, the district said Canvas parent company Instructure reported that hackers were able to gain access to limited information connected to Canvas accounts.
According to HSE, the information potentially accessed included names, email addresses, student ID numbers used within Canvas, and messages exchanged through the platform. The district stressed that the student ID numbers connected to Canvas are not the same IDs students use for meal purchases, library checkouts or other school-related services.
Canvas is widely used by K-12 schools and higher education institutions as an online learning management system where teachers post assignments, grades, announcements and classroom materials.
The issue first surfaced on April 29, when Instructure detected unauthorized activity within Canvas and launched an investigation with outside forensic experts.
A second incident occurred May 7, when the company discovered additional unauthorized activity tied to the same breach. According to Instructure, the hackers altered pages some students and teachers saw after logging into Canvas. The company temporarily shut down portions of the system and placed Canvas into maintenance mode while additional safeguards were installed.
Instructure said investigators determined the breach was connected to vulnerabilities involving “Free-For-Teacher” Canvas accounts, a version of the service HSE Schools says it does not use.
The company has temporarily shut down those free accounts while security fixes are implemented.
Instructure said there is currently no evidence passwords, birth dates, government identification numbers or financial information were compromised.
The company also reported there is no evidence additional data was stolen during the May 7 activity, although the investigation remains ongoing.
HSE officials said the district is working with its cyber insurance carrier, other school districts and the Indiana Department of Education to monitor developments.
The district also warned families to be cautious about suspicious emails, text messages or phone calls connected to the incident.
Cybersecurity incidents involving school systems and education technology vendors have become increasingly common nationwide in recent years. School districts are frequent targets because they maintain large amounts of student and employee data while relying heavily on third-party software systems for daily operations.
Instructure said it has notified law enforcement agencies including the FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA).
The company says Canvas is now fully operational again and that outside forensic investigators found no evidence the attackers still have access to the system.
Families seeking additional information can review updates posted by Instructure on its incident update webpage.