By Anna McDonald, Director of Family Learning
As students prepared for finals this week, Canvas, the primary university platform for course information and communication, suffered a data breach through its parent company, Instructure.
The hacking group ShinyHunters claimed responsibility, stating it accessed data from over 275 million people at 9,000 schools. The breach added extra stress during finals for students across the country, since Canvas is essential for submitting coursework and exams as well as communicating with teachers.
As of Friday morning, Instructure posted on their website that Canvas is now available for most users. Potentially affected data includes: full names, email addresses, student ID numbers, and internal Canvas messages.
The key takeaway from this week’s data breach is that the exposed information may be sufficient to enable secondary highly targeted phishing attempts, account takeovers, and identity fraud. You may want to proactively discuss these risks with your family and ensure everyone remains vigilant.
For Moneta clients with children or relatives at schools affected by this data breach, we want to share key cybersecurity best practices. These best practices go beyond the Instructure data breach this week; they also apply to your everyday life. Attacks using the compromised data, will tend to be more social-engineering or phishing related attacks.
- Be extra vigilant. Verify all emails, texts, calendar invites, and messages before clicking, downloading, or logging in. Confirm authenticity through a separate communication method. Do not click on links in emails and text messages until you have verified with the sender that they sent the email or text.
- Most phishing attempts have a human element embedded into the attempt. Attackers no longer just look for data breaches; they build detailed behavioral profiles that allow them to impersonate, manipulate, and escalate — with precision.
- Review all home and personal wireless/internet-connected devices. Avoid using any internet-connected (aka “smart”) devices that cannot or do not receive security updates. Stick to well-known hardware vendors.
- Enable multifactor authentication on all accounts, especially e-mail accounts. Enable this for everything from banking to your online streaming services.
- Secure your personal information. Never give your personal information to someone who calls and asks for it. Do not give out the last four numbers of your social security number to companies or people you do not know. Don’t be afraid to ask questions as to why a company is asking for your social security number.
- Update the operating systems on your electronic devices. Make sure your operating systems (OSs) and applications are up to date on all of your electronic devices. Older and unpatched versions of OSs and software are the target of many hacks.
- Stores often sell your personal information to third party brokers. Limit the information you give to loyalty programs (or don’t sign up for them), limit information for online purchases and third-party apps as much as possible.
- Be aware of online dating scams and imposter scams. Romance scammers, as they are often called, create fake profiles and try to develop relationships with their targeted victims through online dating apps or social networking websites. They will try and gather information about you.
- The FBI has a page dedicated to such scams with more information and ways to report these scams.
- Use a unique, strong password for each online account.
- Here are some reviews of well-known credential managers to help.
- Consider proactively freezing credit at the three main bureaus.
© 2026 Advisory services offered by Moneta Group Investment Advisors, LLC, (“MGIA”) an investment adviser registered with the Securities and Exchange Commission (“SEC”). MGIA is a wholly owned subsidiary of Moneta Group, LLC. Registration as an investment adviser does not imply a certain level of skill or training. The information contained herein is for informational purposes only, is not intended to be comprehensive or exclusive, and is based on materials deemed reliable, but the accuracy of which has not been verified. Trademarks and copyrights of materials referenced herein are the property of their respective owners. You should consult with an appropriately credentialed professional before making any financial, investment, tax or legal decision. These materials do not take into consideration your personal circumstances, financial or otherwise.
