May 12, 2026
In an era where every little detail about your personal life is shared and transmitted digitally, the fear of your information being compromised is very real. But when it comes to the personal information of your children, that fear becomes amplified by a significant magnitude.
That's where Cary, North Carolina native Lisa Baildon found herself after her daughter's school, Millbrook High, was the victim of a cybersecurity breach in early May. The program they use for remote learning, Canvas, was compromised. The data breach affected an estimated 9,000 institutions across Australia, Canada and the United States, including universities, whose students were in the midst of finals.
Advertisement
"Who did it and what are they going to do with the data?" she said, during an interview with ABC 11 (1).
Thanks for subscribing!
Read the best of Moneywise in 5 minutes or less.
By signing up, you accept Moneywise Terms of Use, Subscription Agreement, and Privacy Policy.
The Canvas breach is part of a bigger problem
Canvas, for those unfamiliar, is an online platform that allows students to access schoolwork, submit assignments and store grades. For university students, financial details factor in far greater than with high schools. To be clear, though, there is no evidence suggesting passwords, dates of birth or financial information were shared.
At Mississippi State University, Aubrey Palmer, a meteorology student, told the BBC (2) they had just finished a 2,900-word essay exam when they received an alert on their screens.
"ShinyHunters has breached Instructure (again)," it read.
ShinyHunters (3) is a hacker and extortion group that has been active since 2020. It has been responsible for several massive data breaches, data theft and extortion efforts targeting global corporations and organizations like AT&T (4), Google (5) and Ticketmaster (6).
ShinyHunters typically does its work by making English-language phone calls and impersonating employees to trick company staff into granting access. In this instance, they exploited flaws in the Free-For-Teacher accounts on April 29. Canvas owner and developer Instructure said hackers were able to obtain names, email addresses, student ID numbers and user messages.
The threat was thought to have receded, but ShinyHunters regained access the very next day, on April 30.
This is not a one-off either. In 2024, logins and credentials for PowerSchool contract employees were compromised (7), exposing names, addresses and email information. The North Carolina Department of Public Instruction shifted all of their information to an online portal.
Advertisement
Must Read
- The ultra-rich use these 5 real estate strategies to build wealth while they sleep — you can start with just $100
- Here’s the average income of Americans by age in 2026. Are you keeping up or falling behind?
- Insurance companies profit most from drivers who auto-renew without shopping around. Comparing 100+ quotes takes 2 minutes and costs nothing
Join 250,000+ readers and get Moneywise’s best stories and exclusive interviews first — clear insights curated and delivered weekly. Subscribe now.
How parents can protect their child's personal information
Kimberly Simon, CEO of Growth Office Partners in Durham, North Carolina, said families should stay vigilant when it comes to suspicious communications (8).
"Be extra cautious about any emails that are now coming in asking for information and pretending to be the school," she told ABC 11. "The second thing is to turn on multi-factor authentication on every single account. This should already be done."
Multi-factor authentication means users will need more than one piece of information to get into an account on top of a password. You can set up a password plus a code that's sent to your phone by text or through email.
Additionally, people should update their passwords regularly and ensure the same ones are not being used for multiple accounts (9).
The best way to safeguard the cybersecurity of your family is to use a multi-pronged strategy, also known as a defense in depth (10). That way, if one defense fails, there are still other safeguards in place to mitigate damages or breaches.
Article Sources
We rely only on vetted sources and credible third-party reporting. For details, see our ethics and guidelines.
ABC 11 (1),(8); BBC (2); Google Cloud (3); Wired (4),(6); PC Mag (5),(9); Security.org (7); Fortinet (10)
You May Also Like
- JP Morgan sees gold hitting $6,000/oz before 2027 — and a Gold IRA lets you hold the physical metal while deferring the tax bill. Get your free guide from Priority Gold
- Dave Ramsey warns nearly 50% of Americans are making 1 big Social Security mistake — here’s what it is and the simple steps to fix it ASAP
- Thanks to Jeff Bezos, you can now become a landlord for as little as $100 — and no, you don't have to deal with tenants or fix freezers. Here's how
- Millionaires under 43 are reshaping investing — just 25% of their portfolios are in stocks. Here’s where their money is going
Brian Baker is an Associate Editor with Moneywise. He has been a media professional for over 20 years.
