DataBreaches posted the following opinion piece on LinkedIn this morning in my Dissent Doe, PhD account: Last night, Canvas was restored, and the Instructure leak site listing was removed from the threat actors’ leak site. The listing is still not on the leak site as of this morning. Given ShinyHunters’ practices, this usually indicates that...

Source

When Instructure did not contact ShinyHunters to negotiate any payment after ShinyHunters attacked them for a second time in April,  the threat actors threatened to leak every school’s data, and posted a notice telling schools how to contact them directly to avoid having their data leaked. When Instructure still didn’t contact them after that escalation, ...

Source

Audit conducted by NYS Comptroller’s Office between 2020-2025 found multiple concerns leaving students and employees at risk of privacy and data security breaches. The auditor also criticized the city for failing to cooperate in a timely manner with the auditor’s requests for information.  In June 2014, a decade after the NYC Education Department had been...

Source

Instructure defines itself as the “O.G. champions of open edtech. The makers of Canvas, Mastery, and Parchment (solutions for learning, assessment, and credentialing). Host of the world’s largest online community of educators. (And yes—we’re ‘the panda people.’). We build industry-leading edtech, empowering both teachers and learners at every step of their journey.” Sadly, they were...

Source

Tyler Bridegan, Scott Hyman, Patrick Strubbe, and Sarah Wilk of Womble Bond Dickinson write: In a first of its kind, a California federal judge allowed claims against Bain Capital to proceed based on a data breach at its subsidiary, PowerSchool. Notably, many of the claims are based on conduct that occurred before Bain’s acquisition of PowerSchool. Although...

Source

DysruptionHub reports: Kentwood Public Schools said districtwide Wi-Fi was disrupted after a student used malicious software designed to interfere with the school system’s network. The district said outside experts helped isolate the issue, which affected Wi-Fi connectivity across its schools, and that the problems “appear” to have been resolved. Kentwood Public Schools serves students in...

Source

THV11 News reports: Pine Bluff School District Superintendent Dr. Jennifer Barbaree broke her silence Monday evening after a cyberattack that cost the district millions. According to district officials, the incident happened on December 17. In a statement, and now confirmed during a board meeting, officials say a wire transfer of more than $3.2 million was...

Source

A DataBreaches.net Editorial The “BlueLeaks 2.0” data breach may be the worst privacy and data security breach affecting students that DataBreaches has seen in 20 years of reporting on breaches affecting the education sector. If people thought the Power School incident was the worst ever, hold my coffee. Who will hold P3 Global Intel (“P3”)...

Source

Overview and Background This is the first of what will likely be several updates to this site’s exclusive reporting on the “BlueLeaks 2.0” incident that exposed anonymous and sensitive tips by and about students on a platform that promised them anonymity and security.  DDoSecrets.org named the incident “Blue Leaks 2.0” because, like a previous leak...

Source

Jason Henry reports: The Los Angeles County Office of Education is investigating the possibility that bad actors gained access to the electronic tax documents of teachers and administrators after employees at schools around the county received letters indicating fraudulent tax filings had been submitted in their names. The Southern California News Group confirmed that employees...

Source

Siobhan Harms reports: The Ohio Auditor of State’s Office will begin evaluating school districts’ cybersecurity policies in July. As outlined by House Bill 96, districts had to implement a cybersecurity program that safeguards the district’s data, information technology and information technology resources to ensure availability, confidentiality and integrity. The law reads, “The program shall be...

Source

Barry O’Connor provides an update on the C2K breach in Northern Ireland: The IT systems in schools targeted in a cyber attack last week have been “largely restored” the Education Authority (EA) has said. All online and IT systems in schools are provided through the C2K network, managed by the EA. The attack left all schools...

Source

Alexander Martin reports: A 16-year-old boy has been arrested in Northern Ireland after a cyberattack disrupted access to educational systems used by potentially hundreds of thousands of students. The boy, who has not been named for legal reasons, was arrested Wednesday in Portadown, County Armagh, on suspicion of offenses under the Computer Misuse Act. The...

Source

Introduction P3 Global Intel advertises itself as a “fully integrated and state-of-the-art tip acquisition and tip management solution that has quickly become the leading choice of Crime Stoppers Programs, Law Enforcement Agencies, Campus Safety Programs, and Federal Agency Initiatives.”  35,000 U.S. schools use P3 Campus, which partners with “safer school” initiatives such as Sandy Hook...

Source

Spring Lake Park Today reports: Spring Lake Park Schools in Minnesota were forced to close on Monday due to a suspected ransomware attack that disrupted the district’s computer systems. Local authorities are investigating the cybersecurity incident, which caused the abrupt shutdown of all schools in the district as a precautionary measure. … According to officials,...

Source

Lorena Mongelli reports: Reports of compromised student data and cybersecurity in schools surged statewide in 2025, according to education officials. Statewide, data incident reports rose 72%, from 384 in 2024 to 662 in 2025, an annual report issued by the state Education Department’s chief privacy officer found. On Long Island, schools reported 44 data incidents in 2025, a jump from 35 the year prior, according to...

Source

Robbie Meredith reports: An IT system used by schools across Northern Ireland has been targeted in a cyber attack, the Education Authority (EA) has said. On Thursday, schools received a message that as part of “work to manage an IT security issue” the EA would be carrying out a password reset for all users. An...

Source

Abraham Jewett reports: The Cherry Creek School District sent a message to families recently after some students received a notice about a class action settlement over a 2024 data breach involving the web-based education platform Naviance. The school district, in its message to families, clarified that the email was legitimate, and the class action lawsuit...

Source

DysruptionHub reports: North Attleboro Public Schools in Massachusetts said Wednesday it is responding to unauthorized activity on its network after what the superintendent described as a cybersecurity incident over the past several days. The Sun Chronicle reported that Superintendent John Antonucci said the district had responded ‘over the past several days’ to unauthorized activity on its network....

Source

In the wake of the Infinite Campus data breach, DataBreaches was contacted by several concerned EdTech professionals who weren’t prepared to accept Infinite Campus’s word that there was no sensitive student information in the data tranche. With their encouragement, DataBreaches downloaded the data tranche from ShinyHunters’ leak site and examined it. Most of the files...

Source