ORLANDO, Fla — Millions of students, teachers, and other school employees across the country are impacted by a major data breach involving Canvas. Canvas is a popular educational platform used by colleges, universities, and school systems around the country, including central Florida.
A hack like this is something that can make people nervous.
“So, for me as a parent, now it’s just like one more thing I have to be vigilant for, vigilant about,” said Kanika Reeves.
Parents, students, teachers and other school workers could be under siege, after a hacker group claims it got away with data from more than 275-million people and 9,000 schools from the Canvas breach.
Do you have a consumer complaint or need help from Jeff Deal and Action 9? Click the banner below to submit a tip.
Dr. David Maimon, head of fraud insights at SentiLink, a company that specializes in stopping and fraud and identity theft, said the group taking credit for the breach has done this before.
“It is a fairly large number, but this specific group took over several organizations in the past, including MGM and Salesforce. So, it’s not the first time they’ve been doing this,” Maimon said.
Are airport vendors charging too much for food and drinks? Action 9 put them to the test.
He noted social security numbers and dates of birth were likely not part of this breach but believes students and teachers should immediately change their passwords to prevent further risk. It’s even a good idea to change passwords on accounts where the same or similar passwords were used. It’s also important to be on alert for suspicious emails or other messages. Often stolen data is sold or handed over to other criminals who use it to target people or organizations in phishing attacks or other identity theft related scams.
Ghost Tapping Scams: How thieves can charge your payment cards without you knowing
Maimon said, “Make sure that you not click on URLs that arrive from unknown sources and simply be on the lookout for criminals who are trying to get your identity and your information.”
The Identity Theft Resource Center offered this information:
For anyone unsure whether their institution has issued a notice, check to see if you have received a data breach notice. If you have or do in the future, react, don’t panic. Be mindful of suspicious messages. Exposed email addresses can be used in targeted scams. Be cautious about any unexpected messages. If they ask you to click on links or download files, don’t do it. Also, update any passwords on the platform and any other accounts that use the same password. The ITRC recommends you switch to a passkey if possible. If not, use a unique 12+-character passphrase.
©2026 Cox Media Group
