Canvas Cyberattack Disrupts Thousands of Schools During Finals

Pressure is building on a four-decade-old Supreme Court decision that forces American school districts to educate children living in the country illegally, even as those same districts grapple with massive cyber intrusions that put student information at risk. Republicans in Congress and state legislatures say the 1982 Plyler v. Doe ruling no longer makes sense in an era of record illegal crossings, strained budgets, and growing threats to children both inside and outside the classroom.

The landmark case established that states cannot bar immigrant children from public schools regardless of their legal status. At the time, the Court cited the Fourteenth Amendment and concerns about creating a permanent underclass. Today, critics call it an unfunded mandate that prioritizes foreign nationals over American families. Rep. Chip Roy of Texas, who is also running for state attorney general, said during a March congressional hearing that the decision has outlived its usefulness. “It’s time for it to go,” Roy declared. “Any amount of illegal immigration in our hospitals, jails, schools, or elsewhere should not be tolerated. States should have the ability to curb it.”

Several states have introduced legislation in the past year attempting to gather data on students without legal status or require them to pay tuition. While those bills have not passed, supporters believe they could tee up a fresh Supreme Court challenge, especially with the current administration’s aggressive deportation push. The Trump White House has expanded arrests, encouraged self-deportation, and removed previous restrictions on enforcement actions near schools. In April, government lawyers argued before the justices on related immigration matters, signaling a broader willingness to revisit long-settled precedents.

School districts already facing tight budgets argue that every dollar spent on students who are here illegally is a dollar not spent on American children. English-language instruction, special services, and overcrowding add significant costs at a time when many systems are still recovering from pandemic learning losses. Immigrant advocates counter that denying education would only deepen poverty and create social problems later. Yet even some Democrats in high-immigration areas have begun quietly acknowledging the strain on classrooms, housing, and hospitals.

That strain became dramatically visible this week when hackers calling themselves ShinyHunters claimed responsibility for breaching Instructure, the company behind the widely used Canvas learning platform. The group says it stole data from 8,809 schools worldwide and more than 280 million records belonging to students, teachers, and staff. Some institutions, including Harvard and the University of California Irvine, saw login pages defaced with ransom demands. The hackers have given schools until May 12 to negotiate a payment or face the public release of personal information.

Canvas serves thousands of American districts. Students suddenly locked out of assignment portals, discussion boards, and grade reports found themselves staring at messages from the extortion gang. Instructure confirmed a cybersecurity incident and said it is working with outside experts, but the episode underscores how vulnerable educational infrastructure has become. When districts are already stretched thin accommodating large numbers of students who entered the country illegally, basic cybersecurity can slip down the priority list. Parents watching their children’s private data held for ransom have every right to ask why resources are being diverted in the first place.

The situation in Chicago illustrates how enforcement realities continue beneath the surface of reduced visibility. After chaotic scenes last fall featuring masked federal agents and tear gas in neighborhoods, large-scale raids have quieted. Yet an analysis of deportation data shows 580 people were detained in the Chicago area from January through mid-March. Community groups that once rushed to neighborhoods to monitor arrests have shifted tactics. Organizers with rapid-response coalitions now run training sessions and keep volunteers on constant alert, treating enforcement as a permanent feature of city life rather than occasional drama. One leader told local reporters this is “the new normal” for the next several years.

Meanwhile, an unrelated development in France highlights growing global tension over technology and child safety. French prosecutors have opened a formal criminal investigation into Elon Musk and his platform X after the company ignored a summons tied to complaints about sexual images of minors, explicit deepfakes, and other illegal content. Authorities raided X’s Paris office earlier this year. The move raises questions about whether governments are more focused on policing speech on social media than securing actual school buildings and protecting the data of American children sitting in classrooms.

The confluence of these events paints a troubling picture. American public schools were designed to educate citizens and assimilate legal newcomers. Instead, they have been conscripted into a de facto social welfare system for illegal immigration while simultaneously proving easy targets for sophisticated criminal hackers. The Supreme Court’s 1982 logic assumed illegal immigration would remain a manageable phenomenon. Forty-four years and millions of illegal entries later, that assumption looks increasingly untenable.

Republican leaders argue it is long past time for states to regain control over their own schools and budgets. Whether through new legislation, fresh litigation, or simply enforcing existing immigration law more rigorously, the message from much of the country is clear: American children should come first in American schools. The growing number of lawmakers willing to say so publicly suggests the debate over Plyler v. Doe is only beginning.