A group of US lawmakers has formally requested explanations from Instructure, the company behind the educational platform Canvas, following a series of security incidents that allegedly compromised student and academic user information. The news was published by TechCrunch.
Canvas is one of the most widely used educational management systems in universities, schools, and academic institutions in the United States. Therefore, any incident involving data breaches immediately raises concerns about student privacy and the protection of sensitive information.
According to the report, lawmakers sent an official letter to the company requesting details about:
- the scope of the breaches
- what type of information was compromised
- when the company detected the incidents,
- What measures were implemented to protect students, teachers, and affected institutions?
Among those who promoted the claim are members of Congress affiliated with technology oversight and consumer protection committees. The officials expressed concern over the handling of personal data within educational platforms widely used by minors, universities, and public entities.
In the letter, lawmakers pointed out that educational institutions "increasingly rely on digital platforms for essential functions," and warned that a security breach in that environment could affect not only individual privacy, but also complete academic operations. ( TechCrunch )
They also raised concerns about potential delays in incident reporting and the company's transparency towards users and educational institutions. The Congress requested detailed information on Instructure's data retention policies, access monitoring practices, and implemented cybersecurity measures.
The case once again puts pressure on the edtech sector, which in recent years has accumulated enormous volumes of personal and academic information while cyberattacks against universities and educational platforms have simultaneously increased.
Security experts warn that educational institutions have become prime targets for criminal groups and state actors due to the vast amount of sensitive data they handle: academic records, financial information, biometric data, institutional credentials, and personal documentation.
The political concern also reflects a broader debate that is gaining traction in Washington: to what extent large technology platforms – including cloud-based educational services – are prepared to protect critical data against modern threats driven by automation and artificial intelligence.
The incident also illustrates how cybersecurity has evolved from a purely technical issue into a political and regulatory matter. Each major data breach further increases pressure on technology companies and fuels calls from Congress to strengthen data protection standards and transparency requirements.