Key developments
Canvas breach forces schools offline during finals
Instructure took Canvas offline after unauthorized activity detected April 29 and later changes tied to the same incident on May 7, disrupting course access during finals. ShinyHunters claimed responsibility and said the breach involved data from about 275 million students, teachers and staff at nearly 9,000 schools worldwide. Instructure said exposed information included names, email addresses, student ID numbers and user messages, but not passwords, birth dates, government identifiers or financial information; schools including Penn State, the University of California system and Baylor delayed exams or assignments while reviewing access.
Why it matters
A single platform failure affected exams and communications across thousands of schools while raising questions about the scope of student data exposure.
Sources & driving stories
NEWSDAY
Newsday coverageWTOP
WTOP coverageWWE won't suspend Jordynne Grace after leak
Heavy reported that Jordynne Grace said explicit photos and videos circulated online without her consent after hackers breached an old Snapchat account and leaked images, including AI-generated depictions. Grace said the material was not from her former OnlyFans account. WWE said it will not suspend her and has not commented publicly, while the article framed the incident as another example of nonconsensual intimate-image abuse and referenced the 2025 Take It Down Act.
Why it matters
It underscores the privacy harms of hacked and AI-altered intimate imagery and how the law may be used against it.
Sources & driving stories
HEAVY · Jalyn Smoot
Heavy coverageStark County takes CJIS maintenance in-house
Stark County said it will let its CJIS maintenance agreement with Yates Technology expire after the vendor declined new cybersecurity requirements. County officials said the criminal-justice portal was hacked in July 2024, potentially exposing information on nearly 300,000 people, and that depending on a single out-of-state maintainer created an unacceptable single point of failure. The county is now asking for systems, code, data and access credentials to be returned as operations move under county control.
Why it matters
It is a concrete response to a prior breach affecting sensitive criminal-justice data and vendor oversight.
Sources & driving stories
THE REPOSITORY
The Repository coverageWorth noting
WORTH NOTING
Chrome on-device AI wording changes
Google removed privacy language from Chrome settings even as it says the model still processes data locally, prompting fresh scrutiny of its AI privacy framing.
WORTH NOTING
Pottawatomie County warns of W-2 exposure
Employees were told their names, addresses, Social Security numbers and wage data were exposed, adding another local-government privacy incident with identity-theft risk.
Still unclear
OPEN QUESTION
How much Canvas data was actually exfiltrated?
Schools are still acting on claims that mix confirmed exposure with threat-actor allegations, so the true scope remains unresolved.
OPEN QUESTION
Will the Take It Down Act be tested soon?
The Jordynne Grace leak is the kind of AI-altered intimate-image case the new law is meant to address.