Canvas (Spartan Learning Portal) Cyber Security Communication to Families and Community Members

Dear Eastern Lancaster County School District Families and Community Members,

Eastern Lancaster County School District is committed to maintaining the security and privacy of student and staff information. The purpose of this communication is to make you aware of recent news reports regarding a cybersecurity incident involving Instructure, the company that provides the Canvas learning management system used by our secondary students.

Media reports have referenced a cybercriminal group known as “ShinyHunters” and allegations involving unauthorized access to certain information connected to Instructure systems. At this time, Eastern Lancaster County School District has not received any official communication from Instructure indicating that our specific district data has been affected by this incident.

Based on publicly available reports and statements attributed to Instructure, the information potentially exposed in the reported breach appears to be limited primarily to email address information. At this time, there have been no reports indicating exposure of grades, financial information, or other sensitive student data connected to our district.  Our Technology Department has proactively initiated communication with Instructure to request information regarding whether our district has been impacted in any way. As of this communication, we have not yet received a response from Instructure.

Our District Technology Department takes cybersecurity matters very seriously. We have been actively monitoring the situation, reviewing available information, and communicating internally with district staff regarding appropriate security precautions and awareness practices.

As part of our ongoing response and preventative efforts:

• We have increased multi-factor authentication (MFA) security requirements for staff access to Canvas and related systems.
• We are continuing to review account security and monitoring practices across our technology environment.
• Secondary students will receive updated passwords sometime next week as an added security precaution.
• Staff members have been informed about the incident and reminded about cybersecurity best practices, including phishing awareness and password security.

We understand that cybersecurity news can create concern for families, especially when educational technology systems are involved. Please know that protecting student and staff information remains one of our highest priorities. We will continue to work closely with our technology partners and monitor for any official updates related to this matter.

If we receive additional verified information that directly impacts our district, we will communicate promptly with our families and staff.

Thank you for your continued partnership and support.