RELEASE: Friedman Joins Colleagues Urging Federal Investigation into Canvas Cyberattack, Calls for Stronger Cybersecurity Support for Schools

LOS ANGELES, CA - U.S. Representative Laura Friedman (CA-30) joined Democratic colleagues calling on the Department of Justice and Department of Education to launch a full investigation into the recent cyberattack targeting Instructure and its subsidiary, Canvas, and calling for expanded cybersecurity resources for schools.

"The last thing our parents and students need to worry about when we're in the midst of finals and graduating is wondering whether or not their personal information has been compromised," said Congresswoman Laura Friedman (CA-30). "I'm joining my colleagues to call for a robust investigation of this breach and more cybersecurity resources for our schools, because with so much of our children's information online, we can't protect them with outdated security."

Canvas, a widely used online learning platform serving millions of students, educators, and institutions nationwide, was targeted in a cyberattack earlier this month that disrupted access to coursework during final exams and raised concerns about the security of student and faculty data. The attack is reported to have compromised 275 million users' data across 9,000 schools, including Glendale Community College in California's 30^th District.

The letter was signed by Congresswoman Laura Friedman (CA-30) and Representatives Nikema Williams (GA-05), Maxine Dexter, M.D. (OR-03), Eugene Simon Vindman (VA-07), Eleanor Holmes Norton (DC-AL), Mike Thompson (CA-04), James Walkinshaw (VA-11), Dwight Evans (PA-03), Donald S. Beyer Jr. (VA-08), and Betty McCollum (MN-04).

The full text of the letter is available here and below:

May 28, 2026

Dear Acting Attorney General Blanche and Secretary McMahon:

We write to urge the Department of Justice to take swift action to investigate, and prosecute to the fullest extent of the law, the cyber-attack perpetrated against Instructure, and its subsidiary, Canvas, and to call on the Department of Education to provide resources, training, and technical assistance to expand cybersecurity support for K-12 schools, colleges, and universities.

On Thursday, May 7th, students across the country opened Canvas to access coursework materials, and study for final exams. They were greeted by a message allegedly left by the hacker group ShinyHunters, which threatened to release the data of Canvas millions of users, and demanded ransom payments from universities. This appears to be the culmination of an ongoing cyber-attack against Instructure-wherein the company was initially breached on May 1st. By May 3rd, Shiny Hunters claimed to have breached 275 million users' data across nine thousand schools. While it appears that most students regained access to Canvas by May 8th, this incident highlights the vulnerability of student, faculty, and staff data, and demands thorough investigation.

This breach left schools in the lurch, having to act urgently to attempt to protect their students' data. Platforms like Canvas contain an inordinate amount of data about students and faculty alike-including names, email addresses, student ID numbers and Canvas messages. According to Instructure, it is not believed that this breach included other sensitive information, such as passwords, birth dates, or financial information.

However short-lived, this breach demonstrated the need for robust investigation and prosecution of cybersecurity breaches, and the need to harden the cybersecurity infrastructure of our education system. With so much learning happening online, it is imperative that schools have the resources they need to maintain their student and faculty data privacy.

We look forward to working with you in our efforts to protect student data, and cybersecurity in education.

Sincerely,

MEMBERS OF CONGRESS

###