Photo: University students sit in a lecture hall on their laptops. (Jim Sugar / Getty Images)

Thousands of universities were hacked in the largest educational security breach ever. Here's what to do when your children's personal data is stolen

In an era when every little detail about your personal life is shared and transmitted digitally, the fear of your information being compromised is very real. When it comes to the personal information of your children, that fear is greatly amplified.

That's where Cary, North Carolina native Lisa Baildon found herself after her daughter's school, Millbrook High, was the victim of a cybersecurity breach in early May. Canvas, the program the school uses for remote learning, was compromised. The data breach affected an estimated 9,000 institutions across Australia, Canada and the United States, including universities, whose students were in the midst of finals.

"Who did it and what are they going to do with the data?" she said, during an interview with ABC 11 (1).

The Canvas breach is part of a bigger problem

Canvas, for those unfamiliar, is an online platform that allows students to access schoolwork, submit assignments and store grades. For university students, financial details factor in far more than they do for high school students. To be clear, though, there is no evidence suggesting passwords, dates of birth or financial information were shared.

At Mississippi State University, Aubrey Palmer, a meteorology student, told the BBC (2) they had just finished a 2,900-word essay exam when they received an alert on their screens.

"ShinyHunters has breached Instructure (again)," it read.

ShinyHunters (3) is a hacker and extortion group that has been active since 2020. It has been responsible for several massive data breaches, data theft and extortion efforts targeting global corporations and organizations like AT&T (4), Google (5) and Ticketmaster (6).

ShinyHunters typically does its work by making English-language phone calls and impersonating employees to trick company staff into granting access. In this instance, they exploited flaws in the Free-For-Teacher accounts on April 29. Canvas owner and developer Instructure said hackers were able to obtain names, email addresses, student ID numbers and user messages.

The threat was thought to have receded, but ShinyHunters regained access the very next day, on April 30.

This is not a one-off either. In 2024, logins and credentials for PowerSchool contract employees were compromised (7), exposing names, addresses and email information. The North Carolina Department of Public Instruction shifted all of their information to an online portal.

How parents can protect their child's personal information

Kimberly Simon, CEO of Growth Office Partners in Durham, North Carolina, said families should stay vigilant when it comes to suspicious communications (8).

"Be extra cautious about any emails that are now coming in asking for information and pretending to be the school," she told ABC 11. "The second thing is to turn on multi-factor authentication on every single account. This should already be done."

Multi-factor authentication means users need another piece of information, on top of a password, to get into an account. You can set up a password plus a code that's sent to your phone by text or through email.

Additionally, people should update their passwords regularly and ensure the same ones are not being used for multiple accounts (9).

The best way to safeguard the cybersecurity of your family is to use a multi-pronged strategy, also known as defense in depth (10). That way, if one defense fails, there are still other safeguards in place to limit the damage from a breach.

Article Sources

We rely only on vetted sources and credible third-party reporting. For details, see our ethics and guidelines.

ABC 11 (1),(8); BBC (2); Google Cloud (3); Wired (4),(6); PC Mag (5),(9); Security.org (7); Fortinet (10)

Brian Baker Associate Editor

Brian Baker is an Associate Editor with Moneywise. He has been a media professional for over 20 years.
