05/11/2026
IN THE NEWS: Canvas Hack. Parents and Students, now is the time to be diligent with your security. Here are a few things to do immediately to ensure security. This is good practice to follow after any known security breach.
Hey, did you see this? Canvas just got hacked. 275 million records. 9,000 schools.
They don’t just have an email address. They know what school you go to, what courses you’re in, and who you’ve been messaging. That’s not a data point. That’s a profile. And it affects everyone from middle schoolers to grad students.
Here’s what nobody’s saying clearly: the breach already happened. You can’t stop that. What you can stop is what comes next. Hackers don’t always use stolen data themselves. They sell it. And the buyers send targeted phishing messages that look exactly like the real thing.
The most dangerous message your kid gets this month won’t look like spam. It will say: “Your assignment didn’t upload. Click here to resubmit.” Or: “Tuition hold released. Log in to confirm.” They have the names. They have the school. They have the context. That’s what makes this one different.
What to do before the weekend.
One: Any Canvas-related email or text right now, treat it as suspicious. Don’t click anything. Open a new tab and go directly to your school’s site.
Two: If you or your kid logs into Canvas with a password rather than school single sign-on, change it. Anywhere that password was reused, change those too.
Three: Turn on two-factor authentication on your school email today. That one setting blocks most account takeovers even if a password leaks.
You don’t have to understand cybersecurity to do those three things. You just have to do them before your kid gets that message. The breach is done. The phishing wave is starting. The window to get ahead of it is right now.
Send this to every parent, teacher, or college student you know. They need to hear this part.