Are Institutions Ready To Protect Children’s Data In The Age Of AI?

A massive cyberattack on Instructure’s Canvas platform in May compromised over 275 million records across 9,000 schools worldwide, marking one of the largest data breaches in the education sector. The breach, linked to the hacking group ShinyHunters, exposed sensitive student information and highlighted growing cyber risks in American classrooms as AI and cloud-sync technologies expand. Schools increasingly rely on third-party platforms and online resources, but these tools often use cookies, APIs, and shared permissions that create vulnerabilities. A single flaw in a vendor’s system can put entire school districts at risk, as networks are no longer isolated. Charlie Sander, CEO of ManagedMethods, noted that schools lack the tools to monitor third-party integrations, leaving them blind to security gaps like missing multi-factor authentication or slow threat detection. The rise of AI-powered tools in education adds another layer of risk, as these systems require access to vast amounts of student data to personalize learning. While AI can enhance education, experts warn that many companies struggle to meet baseline privacy standards for minors under the Children’s Online Privacy Protection Act (COPPA). Ivan Crewkov, CEO of Buddy.AI, emphasized that responsibility for safeguarding children’s data should lie with institutions, not students. Parents and educators express distress over the lack of transparency and control in protecting student information. Cloud-sync features and interconnected platforms further amplify exposure, as malware can spread rapidly through school-wide networks. The Canvas breach underscores the urgent need for stronger security measures, vendor accountability, and better oversight to prevent future incidents in K-12 systems.