Cyber Incident Victim: Escambia County Public Schools
Date:
May 2026
Location:
United States of America
Summary
Escambia County Public Schools was among the institutions affected by a cybersecurity breach of the Canvas learning management system claimed by the hacking group ShinyHunters, which also impacted Santa Rosa County School District, Pensacola Christian College, Northwest Florida State College and the Escambia County Sheriff's Office. The breach exposed names, email addresses, student identification numbers and Canvas messages while passwords, dates of birth, social security numbers and financial information were not accessed, and Instructure responded by disabling Free‑For‑Teacher accounts, revoking privileged credentials, adding platform protections and restoring service after temporarily disabling some components. The district reported that Canvas remained operational with certain features disabled as a precaution, that instructional staff received alternative tools to maintain continuity, and that it continued to monitor the situation with updates from the vendor.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On May 9 2026 the Pensacola News Journal reported that a cybersecurity breach affecting the third‑party education platform Canvas had impacted Escambia County Public Schools along with several other institutions in the Pensacola area. The breach was claimed by the hacking group ShinyHunters, which asserted responsibility for compromising Instructure, the company that owns Canvas. Among the entities named in the leak were the Santa Rosa County School District, Pensacola Christian College, Northwest Florida State College, and the Escambia County Sheriff’s Office. Escambia County Public Schools said it had been notified of the attack and that Instructure assured the district it was actively addressing the issue. While Canvas remained operational, some of its components were disabled as a precaution and instructional staff were provided with immediate alternatives to avoid disruption to teaching and learning.
Instructure stated that the attackers could have potentially accessed names, email addresses, student identification numbers, and Canvas messages and communications, but emphasized there was no indication that passwords, dates of birth, social security numbers, or financial information were compromised. Pensacola State College reported that it was monitoring the situation and had found no evidence its systems were breached. Pensacola Christian College confirmed the vulnerability was external and that none of its internal student information had been affected, adding that its security teams continued to monitor developments. The Escambia County Sheriff’s Office noted that it only used Canvas for scoring training modules and that its IT team was reviewing all related activity to ensure no exposure. Santa Rosa County District Schools confirmed its involvement in the cyberattack on May 7.
In response, Instructure said it had identified the underlying issue tied to Free‑For‑Teacher accounts, temporarily shut those accounts down to remove the access path used by the attackers, revoked privileged credentials and access tokens, deployed additional platform protections, rotated internal keys, restricted token creation pathways, and added monitoring across its systems. Escambia County Public Schools reiterated its commitment to safeguarding student and staff information and said it would continue to provide updates as further information became available from Instructure. The Canvas platform was reported to have returned to normal operation around 8 a.m. CT on May 8, with the investigation ongoing at the time of the article.