Nye County School District (NCSD) was recently notified by Instructure, the parent company of the Canvas Learning Management System, regarding a cybersecurity incident that has impacted several educational institutions across the country, including UNLV and UNR.
While the investigation is ongoing, NCSD wants to provide clarity on the scope of the incident to our students, parents, and staff.
At this time, NCSD has not received formal confirmation or detailed guidance from Instructure. However, we have reviewed the list of affected entities provided by the hackers, and no NCSD school appears on the list. The reliability of the list is unclear and we continue to monitor the situation.
Core Systems Remain Secure
It is important to emphasize that the Nye County School District’s internal systems and servers were not compromised. The breach occurred solely within the environment of our third-party vendor, Instructure. Furthermore, because all NCSD accounts utilize Google for authentication, no passwords were compromised during this incident.
Status of Student and Staff Data
NCSD maintains strict data hygiene practices. Canvas contains limited student and staff information. NCSD does not store highly sensitive information, such as Social Security numbers, financial data, or medical records, within Canvas.
Possibly Impacted Data: Names, institutional email addresses, student/staff ID numbers, and internal Canvas messages. The vast majority of internal messaging is directly related to assignment completion.
Proactive Security Measures
To protect students from potential phishing emails resulting from the leak of institutional addresses, the district is temporarily suspending external email capabilities for high school students, the only group currently authorized to receive outside mail, for the next several weeks.
Recommendations for the Community
We urge all staff and students to remain vigilant. Because email addresses and names may have been collected, there is an increased risk of phishing attempts, scam emails designed to trick users into revealing information.
As a reminder:
Do not respond to suspicious emails, texts, or login requests
Do not share passwords or verification codes
Ignore unexpected account access requests
Report suspicious activity to phish@nyeschools.org if you are a district student or employee. Use your own email client to report suspicious emails as spam on accounts outside the school district.
NCSD will continue to provide updates as more details are confirmed by Instructure. The company has also published a public page with details about the breach: https://www.instructure.com/incident_update
Stay Cyber-Safe: A Guide for the Nye County School District Community
In light of the recent data incident involving our third-party vendor, Instructure (Canvas), the Nye County School District (NCSD) wants to ensure our students, parents, and staff are equipped to protect their digital information.
While our internal systems remain secure and your passwords have not been compromised, some contact information (like names and school email addresses) may have been collected. This makes our community a target for "phishing."
What is Phishing?
Phishing is when a scammer sends a fake email, text, or message that looks like it’s from a person or company you trust (like a teacher, a principal, or even the school district). Their goal is to trick you into clicking a link, downloading an attachment, or giving away personal information.
Red Flags: How to Spot a Phishing Email
Scammers are clever, but they often leave clues. Watch out for these common "red flags":
The "Urgent" Tone: They may try to scare you by saying your account will be deleted or you’ll miss an assignment if you don’t act immediately.
Mismatched Email Addresses: Check the sender's address carefully. An email might say it’s from "NCSD," but the actual address might be something like support@ncsd-updates.com instead of a legitimate @nyeschools.org.
Suspicious Links: Hover your mouse over any link (without clicking!) to see where it actually goes. If the URL looks like a random string of numbers or letters, don’t click it.
Generic Greetings: Be wary of emails that start with "Dear Valued Student" or "Dear Parent" instead of your actual name.
Requests for Passwords: NCSD will never ask for your password or phone number via email. Because we use Google to log into our systems, you should never have to provide your password to a third party.
Proactive Steps for Our Community
The NCSD Technology Team is taking several steps to keep our district safe:
Temporary Email Changes: We are implementing a temporary pause on external emails for high school students to block incoming phishing attempts from outside our "Nye" network.
Constant Monitoring: Our IT department is working with state experts to monitor for any unusual activity.
What Should You Do?
These are practices for all accounts, not just nyeschools.org:
If you receive a suspicious email: Do not click any links or download attachments. Report it as phishing in your email client. Nyeschools email accounts can forward to phish@nyeschools.org.
If you clicked a link by mistake: Change your password immediately and notify the school district if you are on a nyeschools.org account.
Talk to your students: Education is our best defense. From Pahrump to Gabbs, we encourage parents to discuss digital safety at the dinner table.
This message was drafted using Gemini and revised and edited by district leaders.