.png)
Executive Risk & Board Advisory
Instructure Paid Off Its Hackers. The House Homeland Security Committee Wants to Know Why.
On May 12, 2026, Instructure announced a settlement with the ShinyHunters criminal organization that breached its Canvas platform, claiming that all stolen data has been "returned" and that the threat actor has provided "digital confirmation of data destruction." The same day, the House Homeland Security Committee sent a letter to Instructure CEO Steve Daly requesting a briefing on the breach response and on the adequacy of coordination with federal law enforcement and CISA. A settlement is not a resolution. A promise from criminals is not a defensive posture. The pattern of conduct that produced three breaches in eight months has not been addressed. The students at 8,809 schools whose data was taken were not parties to the agreement that supposedly now protects them.
Audited. Compliant. Hacked Anyway.
$219 billion spent on cybersecurity in 2025. More major breaches than any year on record. Why every cybersecurity plan failed in 2026.
Most Common Passwords in 2026: What the Data Shows
The 2026 password data: 123456 is still #1, 65% of users reuse passwords across breaches. What boards and CISOs should be doing about it.
Cybersecurity Acronyms Glossary 2026
70+ cybersecurity acronyms decoded for executives, boards, and PE sponsors. MFA, EDR, MDR, ZTNA, NIST CSF, SOC 2, and the rest — organized across 11 categories.
Seven Years. Five Wells Fargo Outages. Still 'Routine.'
Seven years. Five major outages. Wells Fargo still calls it routine maintenance. What the banking outage pattern reveals about regulated comms.
275M Users Exposed in Canvas/Instructure Breach
275 million users exposed. 8,809 schools down. Instructure calls it 'scheduled maintenance.' Inside the Canvas breach and the EdTech disclosure failure.