
The largest education sector breach ever. The Gentlemen ransomware gang gets roughed up with their own breach, a $12.75 million settlement in a California car spying case, and the first documented case of AI-assisted OT hacking. This is Cybersecurity Today and I'm your host, David Shipley. Let's get started. Canvas, the learning management platform built by Instructure, used by universities, colleges and K-12 school districts across North America and around the world, was compromised twice in under two weeks by the cybercriminal group ShinyHunters. The initial intrusion happened on April 29. On May 7, the attackers returned and posted extortion notes across the platform itself. Canvas went offline as a precaution. Some universities ended up delaying final exams. As many as 275 million accounts across 9,000 institutions may have had data taken in the April 29 intrusion, according to Instructure. Data that was potentially accessed included usernames, email addresses, course names, enrollment information and messages exchanged between Canvas users. The most sensitive information may be in those messages between users, particularly between students and teachers. The May 7 re-intrusion, the one that took the platform down, has been traced to the abuse of the Free-for-Teacher account. It doesn't appear to have resulted in new data theft, but it was used to plant the extortion messages. Instructure has now disabled Free-for-Teacher entirely while it conducts a full security review. For context, the previous record holder for largest education sector breach was the December 2024 PowerSchool attack, initiated by a teenage hacker, which exposed 62.4 million student records and 9.5 million teacher records across tens of thousands of schools. PowerSchool impacted many more schools and K-12 districts, but Canvas's reach into higher education, where a single university can have tens of thousands of students, pushes this incident well past PowerSchool in terms of total impact.
ShinyHunters is the same loose collective behind a wave of high-profile data breaches totaling more than 1.8 billion exposed records since 2019. They were also responsible for the PowerSchool breach. ShinyHunters and the adjacent Scattered Spider ecosystem are largely populated by hackers who are still in high school or for whom high school is still fairly fresh in memory. And Instructure has been on their radar before: the company disclosed a separate ShinyHunters-linked social engineering incident involving their Salesforce instance back in September 2025. Instructure CEO Steve Daly published an open letter to the company's customers over the weekend. He apologized not just for the breach, but for how the company handled communications. So far, ShinyHunters has reportedly removed Instructure from its leak site, which some observers are interpreting as a sign a deal may have been made. Instructure has not commented as of Sunday night on whether a ransom was paid. Some schools have also been reported to be considering paying ransoms themselves. For Canadian listeners, this one hits close to home. Canvas is widely deployed across Canadian universities and an increasing number of K-12 schools. The FBI has urged people not to pay the ransoms and to be cautious about any communications involving Canvas. Be on the lookout for Canvas-related phishes. The Gentlemen, a ransomware group active across multiple countries, has had its own internal data leaked. We covered the Gentlemen in our April 22 episode, when Check Point Research cracked open one of their command and control servers and found some interesting things. The group's public leak site had listed roughly 320 victims, but the actual count, based on what was sitting on that one server, was more than 1,570 compromised networks across the US, UK, Germany, Australia, Romania and beyond.
The Gentlemen were one of the most active ransomware crews of the first quarter of 2026, running 192 attacks compared to 35 in the previous quarter. That's a sixfold jump. Now they're back in the news on the other side of a breach. According to Ransom ISAC, the internal data dump was initially offered for sale on Tuesday, May 5, before being published publicly. The leak includes Rocket.Chat communications between affiliates, much of it in Russian; target lists of Fortinet devices, including model numbers, firmware versions and host names spanning multiple countries; and screenshots taken from inside victim environments. The leaked data also included references to custom command and control frameworks, VPN configurations and brute force utilities. Ransom ISAC reports that the Gentlemen have publicly acknowledged what they call a partial exposure while insisting their core infrastructure remains intact. The threat intelligence community is now actively processing and translating the material. A full report from Ransom ISAC is on the way. We'll cover it once it becomes available. General Motors has agreed to pay $12.75 million in a privacy settlement with the California Attorney General's Office, according to TechCrunch. The settlement closes out a California-level investigation triggered by a 2024 New York Times report that revealed several automakers were quietly selling their customers' driving behavior to data brokers, who in turn sold it to insurance companies. The Attorney General's office alleges that GM sold the names, contact information, geolocation data and driving behavior of hundreds of thousands of Californians to two data brokers. The data was collected through the OnStar program. GM made $20 million from those sales. Under the California settlement, GM has to stop selling driver data to consumer reporting agencies for five years, delete the driver data it may still hold within 180 days unless it gets driver consent, and formally request that the data brokers it sold the data to delete the data they had received.
This is the second major regulatory action against GM on this issue, and it's probably not going to be the last. Back in January, the US Federal Trade Commission finalized its own order, a 20-year one that requires GM to obtain affirmative consent from American consumers before collecting connected vehicle data, giving all US customers the right to request a copy of their data and seek its deletion. It also imposes a five-year ban on sharing certain data with consumer reporting agencies, and GM is still facing active lawsuits in the state of Texas and another one in Arkansas. By the time the legal dust settles, the program that brought in $20 million in revenue may end up costing GM far more than it ever made. For listeners outside of the United States, including Canadians driving GM vehicles with OnStar, none of these orders extend to you. There's no automatic deletion right, no mandatory consent regime, no enforcement window. If your driving data was collected before the practice was halted, it may well still be sitting in somebody's data archive. And Canadian lawmakers are still asleep at the wheel when it comes to this kind of data abuse. But don't worry, they're obsessing over what Chinese EVs may or may not do in the future. The broader point is one that we made recently in our Connected Cars episode. Modern vehicles are rolling sensor platforms with cellular connectivity, and the data they collect is genuinely valuable to insurers, marketers, law enforcement, as well as nation states. It's good news that the regulatory regime is starting to catch up in some US states, but for now, the question for drivers isn't whether your car is being monetized.
It's only: do you know if it's happening, and whether the jurisdiction you happen to live in has any kind of rules that can rein it in? A new threat intelligence brief from cybersecurity firm Dragos documents the first real-world case they've observed of an adversary using commercial AI tools to attack operational technology. The target was a municipal water and drainage utility in Monterrey, Mexico. The intrusion happened in January as part of a broader campaign against multiple Mexican government organizations running from December 2025 through February 2026. The adversary remains unidentified. Dragos is tracking them only as TAT 2612, with Spanish language used throughout the operation as the main behavioral signal. The attackers compromised the utility's enterprise IT environment through standard means, likely a vulnerable web server or stolen credentials. They then leaned heavily on two commercial AI tools. Anthropic's Claude handled intrusion planning, tooling development and iterative refinement. OpenAI's GPT models were assigned analytical roles to process collected data. Together they functioned as a coordinated capability across reconnaissance, enumeration, exploitation, lateral movement and exfiltration. Both models' safety controls were bypassed by framing prompts as an authorized penetration test. The most striking artifact Dragos discovered was a 17,000-line Python script written entirely by Claude. The adversary let the AI name it; the name it chose was backup OSINT v9 apex predator: 49 modules built on publicly available offensive tradecraft pulled from GitHub, and a command and control framework that went from a basic HTTP controller to production grade in two days. Across the broader campaign against Mexican government organizations, Dragos estimates AI-directed activity accounted for 75% of remote command execution. After establishing IT access at the utility, the adversary tasked Claude with mapping the internal environment.
Claude found an internally accessible VNODE SCADA Internet of Things management interface, a platform typically used as a data integration layer between OT systems and enterprise IT. Without prior ICS-specific context, Claude classified the VNODE interface as a high-value critical national infrastructure target and recommended it as the next step. Dragos published the transcript of the interactions. Claude flagged the VNODE interface as the most promising next step: an active SCADA system, critical infrastructure control and weak credentials, probably, in Claude's words, massive impact if the adversary committed. Claude then generated credential lists from vendor documentation, default passwords, environment-specific naming patterns and credentials harvested elsewhere in the breach. It directed two rounds of automated password spraying against the interface. Fortunately, all attempts failed. The adversary did not breach the OT environment. They did not interact with the underlying control systems. The password spray was unsuccessful and they pivoted back to IT data exfiltration. Dragos is clear the intrusion reached Stage 1 of the ICS cyber kill chain, but got no further. Now, if Monterrey is the good-news near miss, Poland is the hit. Poland's internal security agency, known by the acronym ABW, published a public report on May 7 confirming that attackers breached water treatment facilities in Polish towns in 2025. According to The Record, the ABW report says that at some of those facilities attackers did gain access to industrial control systems and could have altered the technical parameters of devices, creating what the agency called a direct risk to the continuity of water supply operations. The ABW didn't formally attribute the attacks, but the Polish cybersecurity publication CyberDefence24 has previously linked several of these incidents to a pro-Russian hacktivist group, which posted propaganda videos of some intrusions online.
At one facility, attackers reportedly altered settings linked to the pumps and alarms after compromising an administrator account. Poland has been the most prominent logistics hub for Western military aid to Ukraine since Russia's invasion in 2022. The ABW report describes a sustained campaign of Russian-linked cyberattacks, sabotage and disinformation, including incidents targeting the national railway, air traffic control and the country's state news agency. Just this year, Poland says it narrowly avoided a large-scale power outage attributed to a Russian attack on its energy infrastructure. AI is lowering the barrier between IT intrusion and OT attacks. Traditional adversaries are already crossing that line, and the combination of the two, accessible AI tools plus established OT attack tradecraft, is the curve that defenders should be watching, Dragos says. Prevention-only OT cybersecurity approaches aren't enough. Firewall segmentation and patching remain necessary, but organizations need OT network visibility, detection engineering and the ability to spot adversaries moving across their environments when prevention fails. For water utilities, energy operators and any critical infrastructure organization with an Internet-adjacent management plane, the Dragos report is a must-read. And a reminder for Canadians: the federal government still hasn't passed a national critical infrastructure law. Even when and if Bill C-8, Canada's second attempt at a national critical infrastructure cybersecurity law, passes, water utilities still won't be in scope. Finally, a quick shout-out to my friend Steve Waterhouse, who told me about the water utility issues in Poland. That's Cybersecurity Today for Monday, May 11, 2026. Thanks for listening. We appreciate all your feedback. Feel free to leave a comment under the YouTube video or to drop by technewsday.com or .ca and send us a note.
Thank you to everyone who has left a rating or review on their favorite podcast platform. It really helps us reach more people and it makes our day. I'll be back on the news desk on Wednesday with the latest headlines.
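The two rounds of automated password spraying against the VNODE interface in the Dragos segment are exactly the activity the detection engineering Dragos calls for is meant to surface. What follows is an added example, not code from Dragos, Instructure or this podcast: a small Python detector run over constructed authentication log lines; the log format, hosts, timestamps and thresholds are all assumptions.

```python
# Added example, not Dragos's or the podcast's code: flag password spraying in
# auth logs. Log format, hosts, timestamps and thresholds are constructed.
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample: one source cycles through many accounts in seconds; a
# real user on another host fails once, then logs in.
SAMPLE_LOG = """\
2026-01-14T03:10:02Z src=10.40.7.21 user=admin result=FAIL
2026-01-14T03:10:05Z src=10.40.7.21 user=operator result=FAIL
2026-01-14T03:10:09Z src=10.40.7.21 user=scada result=FAIL
2026-01-14T03:10:12Z src=10.40.7.21 user=maint result=FAIL
2026-01-14T03:10:15Z src=10.40.7.21 user=historian result=FAIL
2026-01-14T03:11:40Z src=10.40.2.8 user=jlopez result=FAIL
2026-01-14T03:11:55Z src=10.40.2.8 user=jlopez result=OK
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<res>\S+)$")

def parse(log_text):
    """Yield (timestamp, source, user, result); malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m["src"], m["user"], m["res"]

def detect_spray(log_text, window=timedelta(minutes=5), min_users=4):
    """Return {source: sorted users} for sources whose failed logins touch at
    least min_users distinct accounts inside any sliding window. A spray
    puts a few passwords across many accounts, so the signal is username
    breadth per source, which per-account lockout counters do not see."""
    fails = defaultdict(list)                 # source -> [(ts, user), ...]
    for ts, src, user, res in parse(log_text):
        if res == "FAIL":
            fails[src].append((ts, user))
    alerts = defaultdict(set)
    for src, events in fails.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            users = {u for _, u in events[start:end + 1]}
            if len(users) >= min_users:
                alerts[src].update(users)
    return {src: sorted(u) for src, u in alerts.items()}
```

On the sample, only 10.40.7.21 is flagged, with all five account names it touched; the single failure from 10.40.2.8 stays below threshold.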
Episode: Canvas Breach Exposes 275M Accounts | AI Targets Water Systems | GM OnStar Settlement
Host: David Shipley
Date: May 11, 2026
This episode of Cybersecurity Today, hosted by David Shipley, provides updates on some of the most significant recent events in cybersecurity impacting education, automotive privacy, and critical infrastructure. Major topics include the unprecedented Canvas education platform breach, the rare incident of a ransomware group itself being breached, regulatory action against GM's driver data sales, and the first documented real-world case of AI-assisted OT (Operational Technology) hacking in the water utility sector.
This episode underscores the rapidly evolving and widening cybersecurity threat landscape—from massive education sector breaches and cybercriminal infighting, to vehicle data privacy and the advent of AI-powered OT attacks. Shipley emphasizes the urgent need for organizations and regulators, especially in Canada, to catch up with both the technical and policy demands of our connected, data-driven world.
Listen for more expert analysis every week on Cybersecurity Today.