Key Takeaways:
- Trust Over Technique: Long-term customer trust is shaped more by a company’s transparency and accountability than by the technical details of the incident itself.
- Culture on Display: A vendor’s response serves as a litmus test for their corporate values, revealing if they still align with the educational community they serve.
- The Communication Gap: Historical shifts show that reactive or corporate tones create market openings for more transparent and community-focused competitors.
Last week, much of the conversation in EdTech focused on the recent Instructure / Canvas security incident. I received several emails asking whether we would cover the event in our weekly post. Since we had just finished our company summit and I’ve been traveling with my family, I was honestly happy to let others take the lead on covering the story. That said, I keep getting pulled back in as new updates continue to emerge.
I also don’t feel I have much to add from a technical perspective, particularly given that experts like Phil Hill and Michael Corn have already been covering the situation closely.
No company asks to be hacked, experience a DDoS attack, or suffer a major reliability issue. Incidents happen. What often matters most is how a company responds once they do. Communication, transparency, accountability, and tone tend to shape long-term customer trust far more than the incident itself.
I did a quick search through other notable EdTech incidents over the years and found several examples where the response became just as important as the event itself:
PowerSchool (2024–2025)
PowerSchool became part of broader conversations around student data governance and vendor accountability in K–12. The issue was less about a single event and more about how districts expected clearer communication and transparency around student data practices. The response highlighted how sensitive K–12 institutions are to trust and disclosure timelines.
Blackboard (2012–2016)
Blackboard experienced years of outages, performance issues, and customer frustration during the 2010s. Institutions often criticized the company’s communication style as reactive and overly corporate. That environment helped create an opening for Canvas, which positioned itself as more transparent and community-focused.
D2L (2017–2022)
D2L faced platform outages and service disruptions like other LMS vendors, but generally earned credit for structured communication and customer engagement. Status pages, roadmap visibility, and active client communication helped maintain trust even during difficult periods.
Google (2019–2025)
Google faced ongoing scrutiny around student privacy, Chromebook usage, and Workspace for Education data practices. The debate evolved beyond compliance into broader questions about surveillance, transparency, and whether large technology companies aligned with educational values.
Chegg (2023–2025)
Chegg’s challenges around AI and academic integrity shifted the conversation from product usefulness to institutional responsibility. Many educators questioned how the company viewed its role within learning environments and whether its public responses reflected educational priorities.
Proctorio (2020–2021)
Proctorio became a case study in how public and legal responses can intensify controversy. The company’s aggressive reactions to criticism created additional backlash among faculty and institutions, turning concerns about online proctoring into larger conversations about trust and partnership.
Pearson (2019)
Pearson faced criticism after student data breaches and online testing disruptions. Institutions and regulators focused heavily on delayed notifications and communication practices, reinforcing expectations that education vendors must respond quickly and empathetically when student systems are affected.
Anthology (2021–2024)
Following the Blackboard merger, Anthology faced close scrutiny around culture, support, and communication. Institutions interpreted even routine service issues through a broader question: would the merged company maintain strong customer relationships or become more centralized and less responsive?
Zoom (2020)
During the rapid shift to remote learning in the pandemic, Zoom faced intense criticism over privacy and security concerns, including “Zoombombing” incidents. Rather than minimizing the issue, the company paused feature development for 90 days to focus almost entirely on security improvements. That response helped stabilize trust with educational institutions.
Instructure (2026)
The recent Canvas security incident reignited discussions around openness, communication, and customer trust. Longtime LMS observers noted that Canvas originally built its reputation on transparency and customer alignment during the 2010s. The debate quickly evolved beyond the technical incident into a broader question about whether the company’s response still reflected the culture that helped establish its market position.
Looking back at these EdTech incidents, one thing stands out: institutions rarely judge vendors only on the incident itself. They judge them on how they communicate, how transparent they are, and whether their response reflects the values they promoted when trust was being built.
