Higher education institutions are dealing with the fallout of a broader Canvas targeting campaign. Reporting says ShinyHunters—the cybercrime group behind last month’s Canvas hack—may have gained access to human resources and financial management systems at dozens of colleges, with Oracle PeopleSoft reportedly affected at more than 100 organizations. Google Threat Intelligence Group and Mandiant described a pattern in which some institutions blocked activity while others suffered compromise, leading to stolen data being published on ShinyHunters’ DLS. The University of Nottingham confirmed it was part of the breach. Higher ed leaders will likely need to revisit incident response planning for identity systems and enterprise resource planning platforms that sit behind learning-management vulnerabilities, not just the LMS itself.