- with Senior Company Executives, HR and Inhouse Counsel
- in China
A May 2026 ransomware attack on Canvas, the learning management platform owned by Instructure, disrupted thousands of educational institutions and exposed data including usernames, email addresses, enrollment information, and private student communications. The attack, attributed to cybercriminal group ShinyHunters, reportedly exploited a weakness in Canvas’ Free-for-Teacher program, highlighting how attackers are increasingly leveraging structural vulnerabilities in SaaS platforms rather than relying solely on advanced technical exploits. In this article, Finnegan attorneys Lynn Parker Dupree and LaQuan Bates examine the breach, the evolving tactics of ransomware groups, and the growing risks associated with third-party platforms, while outlining best practices for strengthening incident response planning, cross-functional cybersecurity governance, vendor oversight, identity management, and threat detection capabilities.
Click here to read more.
Originally published by Cybersecurity Law Report.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
[View Source]