A cybersecurity incident tied to the ShinyHunters group appears to have expanded beyond an initial breach report, with the Canvas hackers gaining access to human resources and financial management systems at multiple colleges. According to Google Threat Intelligence Group and Mandiant, Oracle PeopleSoft activity was blocked or remediated at some institutions, while systems at others were compromised. The activity reportedly resulted in stolen data being published on a data leak site (DLS), and at least one university, the University of Nottingham, confirmed it was part of the broader breach. Oracle issued a security alert, but the reporting indicates that impact varied across institutions depending on whether vulnerabilities were successfully addressed. Higher-ed IT leaders and compliance teams should treat the incident as a reminder that LMS compromises can coincide with broader enterprise system exposure, especially where PeopleSoft, HR/finance integrations, and identity systems share pathways that attackers can use.