Canvas breach puts global education cyber risk in focus
ITBrief interviewed NetSPI’s Field CISO, Nabil Hannan, for a May 24, 2026 article about a major data breach in Instructure’s Canvas learning management system disrupting final exams at universities including Harvard and Northwestern and claiming to have stolen roughly 275 million student and staff records spanning more than 7,000 universities and K-12 districts. Read the preview below or view it online.
+++
Nabil focused on the long-term risks that extend well beyond the immediate disruption. He pointed out that a learning management system holds far more than basic student data. It can contain years of communications, behavioral history, and sensitive personal information like accommodations, all of which become highly valuable in the wrong hands.
He also highlighted a specific risk with student data: children’s identities often go unused and undetected for far longer than adult identities, making stolen student records a particularly effective tool for phishing, impersonation, and identity fraud campaigns that can play out for years after a breach. His broader takeaway was that cybersecurity in education can no longer be treated as a simple IT problem. It has become a student safety issue.
You can read the full article here
Authors:
Explore More News
NetSPI Expands Suite of AI-Powered Continuous Pentesting Services as Organizational Attack Surfaces Grow
NetSPI expands suite of Human-Led, AI-Powered Continuous Pentesting Services, including a first-of-its-kind AI Findings Validation service, as well as continuous testing for web applications and internal networks.
AI’s Role in the Next Era of Pentesting
This article discusses how AI can accelerate penetration testing, but without human expertise to validate findings and apply business context, organizations risk confusing faster output with stronger security.
Why Continuous Security Validation is Becoming a Security Imperative
CTO Magazine interviewed NetSPI's Field CISO, Nabil Hannan, for a June 11, 2026, article about how cloud-native architectures, continuous deployment pipelines, APIs, and AI-assisted development have accelerated change across enterprise environments.