July 8, 2026
Cybersecurity Law Report
By Lynn Parker Dupree; LaQuan N. Bates; *Nico Prentosito
A May 2026 ransomware attack on Canvas, the learning management platform owned by Instructure, disrupted thousands of educational institutions and exposed data including usernames, email addresses, enrollment information, and private student communications. The attack, attributed to cybercriminal group ShinyHunters, reportedly exploited a weakness in Canvas’ Free-for-Teacher program, highlighting how attackers are increasingly leveraging structural vulnerabilities in SaaS platforms rather than relying solely on advanced technical exploits. In this article, Finnegan attorneys Lynn Parker Dupree and LaQuan Bates examine the breach, the evolving tactics of ransomware groups, and the growing risks associated with third-party platforms, while outlining best practices for strengthening incident response planning, cross-functional cybersecurity governance, vendor oversight, identity management, and threat detection capabilities.
Click here to read more.
*Nico Prentosito is a Law Clerk at Finnegan.
Originally printed in the Cybersecurity Law Report on July 8, 2026. This article is for informational purposes, is not intended to constitute legal advice, and may be considered advertising under applicable state laws. This article is only the opinion of the authors and is not attributable to Finnegan, Henderson, Farabow, Garrett & Dunner, LLP, or the firm’s clients.
Federal Circuit IP Blog
July 8, 2026
Webinar
Inventive Step in Europe and the US: Comparing the UPC, EPO and National Approaches
July 8, 2026
Webinar
Federal Circuit IP Blog
July 8, 2026
Due to international data regulations, we’ve updated our privacy policy. Click here to read our privacy policy in full.