Cybersecurity incidents continue to rise, affecting multiple sectors including finance, education, insurance, and cryptocurrency. This article delves into recent data breaches, security measures, and legal actions, highlighting the urgent need for enhanced security protocols.
Canvas Learning Platform Breach
Instructure, the parent company of the widely used Canvas learning management system, confirmed it reached an agreement with the ShinyHunters hacking group to prevent the leak of 3.5 terabytes of stolen student data. The breach, which occurred last week, forced Canvas briefly offline and threatened to expose data from nearly 9,000 schools and 275 million users worldwide. The Tech Buzz reported that while Instructure avoided using the term ‘ransom,’ the agreement involved the return and alleged destruction of the stolen data. The company received digital ‘shred logs’ as proof of data deletion. However, cybersecurity experts caution that such guarantees are difficult to verify.
The FBI and other agencies typically advise against paying ransoms, as it may encourage further attacks. Despite this, Instructure prioritized immediate data protection to mitigate potential harm to students and institutions. The incident has sparked discussions about third-party risk management in the education sector, where institutions often rely on vendors like Instructure to secure sensitive data. ShinyHunters, known for previous high-profile breaches, has a history of reneging on agreements, raising concerns about the long-term security of the data.
Instructure has scheduled a webinar on May 13 to detail its response efforts and improvements to system security. For further reading, see: The Associated Press, and Ground News. Additional coverage is available at The Tech Buzz.
Canvas Learning Platform Breach
Instructure, the parent company of the widely used Canvas learning management system, confirmed it reached an agreement with the ShinyHunters hacking group to prevent the leak of 3.5 terabytes of stolen student data. The breach, which occurred last week, forced Canvas briefly offline and threatened to expose data from nearly 9,000 schools and 275 million users worldwide. While Instructure avoided using the term ‘ransom,’ the agreement involved the return and alleged destruction of the stolen data. The company received digital ‘shred logs’ as proof of data deletion, though cybersecurity experts caution that such guarantees are difficult to verify. The FBI and other agencies typically advise against paying ransoms, as it may encourage further attacks. However, Instructure prioritized immediate data protection to mitigate potential harm to students and institutions. .
The incident has sparked discussions about third-party risk management in the education sector, where institutions often rely on vendors like Instructure to secure sensitive data. ShinyHunters, known for previous high-profile breaches, has a history of reneging on agreements, raising concerns about the long-term security of the data. Instructure has scheduled a webinar on May 13 to detail its response efforts and improvements to system security. For further reading, see: Canvas owner reaches ‘agreement’ with hackers to secure stolen data by The Tech Buzz.
Starr Insurance Data Breach
Starr Insurance, Inc., a Pennsylvania-based insurance agency, is under investigation following a data breach that occurred on November 18, 2025. The Akira ransomware group claimed responsibility for the attack, exfiltrating 15 gigabytes of data, which was later listed on its leak site. The compromised data includes names, addresses, Social Security numbers, driver’s license numbers, financial account information, medical information, and online account credentials. Starr Insurance began notifying affected individuals on May 6, 2026, a delay that may violate federal or state laws. The law firm Schubert Jonckheer & Kolbe LLP is investigating the breach and encourages affected individuals to come forward to explore legal options, including potential compensation for identity theft risks and privacy violations. For more information, visit: PRIVACY ALERT: STARR INSURANCE, INC. UNDER INVESTIGATION FOR DATA BREACH OF RECORDS by Schubert Jonckheer & Kolbe LLP.
Ethereum Foundation’s Clear Signing Standard
The Ethereum Foundation has introduced a new security standard called ‘Clear Signing’ to tackle the issue of users unwittingly approving harmful crypto transactions. This standard replaces confusing transaction code with human-readable explanations, making it easier for users to understand what they are agreeing to before signing. This initiative responds to the billions of dollars lost to phishing attacks and wallet drains, often due to ‘blind signing,’ where users approve transactions without grasping their implications.
The new system relies on the proposed Ethereum standard ERC-7730 and a public registry for verifying transaction descriptions. Wallet providers and developers are encouraged to adopt the standard to enhance security for all users. Trezor’s CTO, Tomáš Sušánka, praised the initiative, stating, ‘This addresses a fundamental vulnerability that has plagued cryptocurrency users for years.’ The Ethereum Foundation’s Trillion Dollar Security Initiative will oversee the infrastructure behind the registry.
Final words
The cybersecurity landscape is evolving rapidly, with new threats emerging across various sectors. Organizations and individuals must stay vigilant and adopt proactive measures to mitigate risks. Legal recourse, negotiations with cybercriminals, and advanced security standards are critical steps to protect sensitive information. Read more about these developments to stay informed.