{"id":212794,"date":"2026-05-12T14:36:00","date_gmt":"2026-05-12T18:36:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/12\/latest-canvas-attack-shows-schools-still-struggle-with-cybersecurity\/"},"modified":"2026-05-12T14:40:08","modified_gmt":"2026-05-12T18:40:08","slug":"latest-canvas-attack-shows-schools-still-struggle-with-cybersecurity","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/12\/latest-canvas-attack-shows-schools-still-struggle-with-cybersecurity\/","title":{"rendered":"Latest Canvas Attack Shows Schools Still Struggle With Cybersecurity"},"content":{"rendered":"<p><a href=\"https:\/\/www.edsurge.com\/news\/2026-05-12-latest-canvas-attack-shows-schools-still-struggle-with-cybersecurity\">Latest Canvas Attack Shows Schools Still Struggle With Cybersecurity<\/a><\/p>\n<p><a href=\"https:\/\/www.edsurge.com\/news\/2026-05-12-latest-canvas-attack-shows-schools-still-struggle-with-cybersecurity\">https:\/\/www.edsurge.com\/news\/2026-05-12-latest-canvas-attack-shows-schools-still-struggle-with-cybersecurity<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-12 14:36:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.edsurge.com\">www.edsurge.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. A cyberattack against one of the world\u2019s largest digital education platforms has forced attention onto the vulnerability of U.S. schools\u2019 data. Instructure, the company behind Canvas, a learning management system used by thousands of schools which has 30 million active users, had its service interrupted late last week. According to a company statement, hackers breached Instructure\u2019s \u201cfree for teacher\u201d account, or those specifically offered to give teachers access to Canvas courses. The criminal hacking group ShinyHunters claims to have stolen 275 million records from roughly 9,000 educational institutions around the world, per reporting from Security Week. In the latest, at the beginning of this week, Instructure published a note saying that it had reached a deal with the hackers to return the stolen data and had received digital confirmation of data destruction, along with assurance that none of its customers would be extorted. The note did not mention what Instructure gave in return. But the note announced a webinar with \u201cInstructure leadership\u201d scheduled for Wednesday.According to Instructure, this is the second data breach within the year. The latest included a breach of customer \u2014 including teacher and students\u2019 \u2014 email addresses, usernames, enrollment information and course names.The attacks happened around finals for many colleges. Canvas was back online as of Saturday, according to a note about the incident on Instructure\u2019s website. But at least six universities and school districts in a dozen states sent out alerts noting they had been impacted by the attack, according to reporting from CNN. Prior to Instructure&#8217;s deal, CNN noted that ShinyHunters had set a Tuesday deadline for schools to \u201cnegotiate a settlement.\u201dThe education sector is an attractive target for hackers, with experts describing it as \u201ctarget rich, resource poor.\u201dThe breach comes amid immense frustration and legislative pushback against the extent schools have become reliant on edtech since pandemic closures forced schools to rush to embrace digital instruction and tools. Some wonder whether the attacks raise thorny questions about trust and the ability of schools to respond when outside vendors are targeted.While this latest incident has renewed attention, cyber attacks against schools are not a new concern. Cybersecurity was even identified as a top concern in EdSurge\u2019s 2025 trends forecast.Indeed, the frequency of attacks has increased dramatically in recent years against both higher ed and K-12 schools, and some experts worry that AI is making attacks more sophisticated. The figures are startling. For example, 82 percent of K-12 organizations reported a cyber security incident, according to a 2025 report from the Center for Internet Security, which noted 9,300 confirmed incidents. Schools have struggled to figure out how to respond to new cybersecurity threats. Here are some notable highlights from the past few years:<br \/>\n2022: A cyberattack against Illuminate Education made the rounds. In 2018, the European Union passed the General Data Protection Regulation, or GDPR, providing clarity into what data protection parents, teachers and students should get. But a few years later, during the Illuminate attack, experts noted that the U.S. lacked a national consensus, though states were beginning to pass legislation.<br \/>\n2022: Later that year, after a major attack against Los Angeles Unified School District, one of the largest in the country, experts warned EdSurge that schools represent \u201choney pots of highly sensitive information.\u201d In that attack, a ransomware gang dumped 500 GB of files, including sensitive student and teacher information, on the dark web when the district refused to pay.<br \/>\n2025: Early into the Trump administration\u2019s second term, experts noted that coordinated federal attacks had been impacted by cuts, weakening federal support for schools. At the time, districts noted that they were operating \u201cin the dark\u201d with an uncertain future around cybersecurity issues.<br \/>\n2025: In a two-part EdSurge series, \u201cUnder Siege: How Schools Are Fighting Back Against Rising Cyber Threats,\u201d reporter Ellen Ullman tracked how districts around the country are responding to AI\u2019s rise in cyber incidents. Ullman\u2019s reporting found that many schools remain weak on the fundamentals of cybersecurity, with small schools becoming attractive targets for cyber criminals. Schools are having to learn that the first line of defense against scams is humans, Ullman notes.<br \/>\nSome argue that the latest attacks are a sign that institutions need more meaningful expectations around cybersecurity, since the audits and certifications they currently rely on are failing to safeguard student data. \u201cToo often they serve as compliance theater and as weak shields against liability,\u201d wrote Douglas Levin, national director of K12 Security Exchange Information, on social media. Over the years, cybersecurity experts have shared a range of tips for schools to stay secure \u2014 from educating staff and students to seeking outside help to deal with the mounting threat.With increasingly sophisticated attacks, there\u2019s more than ever pressure for schools to secure student data despite all the challenges.<br \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Latest Canvas Attack Shows Schools Still Struggle With Cybersecurity https:\/\/www.edsurge.com\/news\/2026-05-12-latest-canvas-attack-shows-schools-still-struggle-with-cybersecurity Publish Date: 2026-05-12 14:36:00 Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":212795,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/edsurge.imgix.net\/uploads\/post\/image\/16719\/shutterstock_2291930583-1778605726.jpg?auto=compress%2Cformat&w=1024&h=512&fit=crop","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,30,24,27],"class_list":["post-212794","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-breach","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/212794"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=212794"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/212794\/revisions"}],"predecessor-version":[{"id":212796,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/212794\/revisions\/212796"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/212795"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=212794"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=212794"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=212794"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}