Cybersecurity is no joke: Here’s how students can keep their digital information safe – The Daily Campus
Publish Date: 2026-05-10 22:58:00
Source Domain: smudailycampus.com
Using an unordered list, summarize the following article with between 4 and 8 key points.
After Canvas was hacked by the cybercrime group, ShinyHunters, resulting in the platform shutting down on May 7, there are some security concerns.
After the cybercrime group ShinyHunters hacked into Canvas, it’s unclear whether students’ information is protected, prompting many students to ask how to protect themselves going forward in Dallas, Texas, on May 7, 2026. (Chloe Casdorph)
What information do the hackers have on students? Is students’ personal information secured after this event? How can students protect themselves? These are all questions that students should know the answers to.
The Daily Campus’ photo editor, Chloe Casdorph, spoke with Brad Bussie, the chief information security officer of e360, a technology company based in California, to better understand which security breaches occurred and how students can protect their information going forward.
“The Canvas situation is a large, ongoing breach and extortion incident against Instructure’s Canvas LMS, with likely exposure of personal data (names, emails, IDs, messages) for millions of students and staff, but so far, no confirmed theft of passwords or financial data. People should treat it as a serious identity and phishing risk event and immediately harden passwords, watch for targeted scams and push their institutions to tighten integrations, logging and communication,” Bussie said.
Bussie also said that the criminal group ShinyHunters claimed responsibility, saying they stole roughly 3.65 TB of data on about 275 million users across nearly 9,000 institutions worldwide.
Casdorph: How did you hear about Canvas being hacked? Can you give a little background on what happened from a security perspective?
Bussie: Anytime something like this is talked about in the media, in the news, we typically know about it as security practitioners. Whether it’s through a dark web monitor, threat intelligence or there’s a bunch of different forums and things where people will talk about this. So that’s where I saw it. I have a junior in high school, and their school uses Canvas, so I took a personal interest.
Yesterday, really was the bulk of the information, because they took down the website – they meaning the ShinyHunters – and then they put up a ransomware banner slash site instead, which goes to show they have a lot more access than, I think, Canvas thought that they had. That was essentially saying, if you don’t give us money, we are going to release all of this information that we have to the dark web, and then people will buy it.
Casdorph: From a security standpoint, what does this mean for students?
Bussie: One thing that I noticed with a lot of students is they reuse the same password on a lot of things because it’s just easier. That’s really [should be] rule number one: all of your passwords should be different. I don’t ask any of you to remember all of your passwords. They [Apple, Microsoft, NordPass and LastPass] make it easier [to] where you can have a password vault, and it will create random passwords for you and it just automatically fills it in.
Step two is anywhere that you can, you need to do two-factor authentication. All that means is that it either sends you a text message to confirm that it’s really [you] logging into something. There’s Google Authenticator, even Facebook now has one in the app, where it’s like, ‘Hey, is this really you? You’re coming from a different place, IP address.’
You’re building in some protection where an attacker isn’t, ’cause what they’re wanting, they’re wanting to backtrack from this Canvas application, and they want to get into your email. The reason is [that] from your email, you can reset any password for any other application. If they happen to get your email password and you don’t have multifactor set up, they’re gonna change your password, lock you out and then reset all your passwords.
I don’t think people realize how damaging getting into your email could be, and this is generally what they’re after. They want your Social Security number, and they’re hoping that, as a younger person, you haven’t frozen your credit. They’re hoping that your credit is still open and available so they can go and open credit cards, lines of credit, all that kind of stuff. They’ll go into existing credit cards that you have, they will change the address, and then they will send themselves a new credit card. This is how damaging it can be for students, because you’re just getting your credit started. You’re just able to start doing this kind of stuff, and the attackers definitely want to take advantage of that.
Casdorph: Now that Canvas is back online, is it possible that the hackers have all our students’ information?
Bussie: It’s possible. What we know right now is they’ve got everyone’s full names. They have your personal and school email addresses. They know each school typically has a unique identifier for each person, so they’ve got your student ID. They’ve got messages that were being sent back and forth through whatever campus messaging service that you have.
What I didn’t say is that they don’t have your password. They probably don’t have your date of birth, they probably don’t have your Social Security number and they may not have any financial data, like your student loans, if you’re self-pay or whatever. But we don’t know that for sure, so we need to pretend like they do.
Casdorph: What advice do you have for students during this time to ensure our safety and security?
Bussie: Now that Canvas is up, it doesn’t matter if you think your password is okay; it’s not. Just change it. Change your password. Take this as a good time to set up a password vault, even if you’re using the one in Safari or whatever one you choose; now is a good time. Also, consider changing your critical passwords. So, Gmail, Outlook, whatever else and then set up that additional factor of authentication. Every app actually makes it pretty easy now. When you go into your settings, there should be something in there that says, ‘Set up a token or SMS messaging.’
I would say, also, look up how to freeze your credit, because this is something that’s kind of a big deal when you go and try to get a credit card, a line of credit, a mortgage or something like that. That is an event [getting hacked] where you’re gonna be thinking about this, so you can go and unfreeze your credit for a week. With how much information the bad guys have about us, you should just have that credit frozen all the time. That’s more of the nuclear option.
Casdorph: Is there anything students should look out for going forward?
Bussie: My prediction is what ShinyHunters is gonna do, and I’m already seeing this in some of the things that are coming back; they are going to start reaching out to you as students, saying, ‘We have your information. Send us money, send us Bitcoin, or we’re gonna release your stuff.’ Or ‘We’re going to lock out your personal email, ’cause we have that stuff, too.’ They’re gonna make very bold claims. They may not even have this information, but they’re gonna just mess with you and they’re going to say, ‘Give us money.’
Forward any [suspicious] email that you get like that, especially if it’s to your student email [to the school] security email or distribution list at your college – send that message to them. Don’t send them money, don’t click any links. Be very suspicious of emails for the next couple of months. Anything coming from your campus or coming from, like, ‘Hi, I’m so and so, a security person from Semantic [a cybersecurity company], and I noticed that your system is compromised. I think it’s part of this campus breach.’ Don’t click anything. They’re just trying to steal from you.
If it’s not a message you’re expecting, or it’s not very clearly from your IT or security team on campus, don’t click it, don’t believe it and if you suspect that it’s not something real, don’t look at the message.
