There’s no shortage of data breaches making headlines. Nearly every day, organizations of all sizes report incidents involving exposed sensitive information. While most assume they won’t be affected, the reality is, stolen data finds its way to the dark web, where cybercriminals use it for identity theft, financial fraud, phishing attacks, and other scams.
Whether you’re a business owner or consumer, staying informed about cybersecurity incidents is more important than ever. Business leaders can learn from the security gaps and vulnerabilities that have affected other organizations, while individuals can gain a better understanding of the risks to their personal information.
Here are three recent data breaches you should know about:
#1. Canvas Learning Platform
In early May, Instructure, the company behind the Canvas learning management system, reported a security incident where a hacking group called ShinyHunters gained unauthorized access to its environment. Canvas is one of the most widely used learning platforms in education, with nearly 9,000 institutions worldwide relying on it, making this a significant security incident.
According to reports, the hacking group gained access to roughly 3.65 terabytes of data, exposing the information of an estimated 275 million users. The exposed data reportedly included names, email addresses, student ID numbers, and user messages. While passwords and financial information were not believed to be compromised, the scale of the breach has raised concerns across the education community.
Why It Matters (Severity: High)
Although the exposed data likely did not include highly sensitive financial or medical information, the sheer scale of the breach and the number of users affected is significant.
Exposed personal information can be leveraged in phishing and social engineering attacks, and because educational institutions rely heavily on third-party technology providers, a single security incident can affect thousands of organizations and millions of users simultaneously.
#2. Rebound Orthopedics & Neurosurgery
Rebound Orthopedics & Neurosurgery, located in the Vancouver-Portland metro area, recently reached a $2.5 million settlement following a 2024 cyberattack. The breach exposed the data of more than 426,000 patients and disrupted the practice’s operations for more than two weeks.
The incident exposed a wide range of sensitive information, including names, dates of birth, Social Security numbers, driver’s license numbers, medical records, health insurance information, and financial account details.
Following the attack, Rebound Orthopedics & Neurosurgery faced a class action lawsuit alleging its cybersecurity measures were not sufficient to adequately protect patient data. The case has now been resolved through a $2.5 million settlement.
Why It Matters (Severity: Critical)
This breach exposed highly sensitive personal and medical information on a large scale, creating long-term risks for affected individuals. Healthcare records are among the most valuable types of data to cybercriminals and are often sold on dark web marketplaces.
The resulting lawsuit and settlement also highlight the significant financial and reputational consequences a cyberattack can have on a healthcare organization, emphasizing the importance of proactive cybersecurity measures.
#3. Navia Benefit Solutions
In March 2026, Navia Benefit Solutions, a Washington state-based benefit administration provider that manages benefit services such as flexible spending accounts (FSAs) and COBRA benefits for employers nationwide, disclosed a data breach affecting approximately 2.7 million individuals.
An unauthorized party accessed the company’s systems between December 2025 and January 2026 and may have acquired sensitive personal and benefits-related information.
For those impacted, the exposed data may have included names, dates of birth, email addresses, phone numbers, Social Security numbers, and health plan information.
Why It Matters (Severity: Critical)
The combination of Social Security numbers, personal contact information, and benefits enrollment data creates a significant risk of identity theft and targeted phishing attacks. Because Navia serves thousands of employers, a single breach has impacted millions of employees and dependents across multiple businesses.
The incident highlights the far-reaching consequences that can occur when a third-party provider entrusted with sensitive data experiences a cybersecurity breach.
Conclusion
With new breaches making headlines almost daily, it’s a good reminder that cybersecurity is no longer just an IT concern, it’s a business necessity. Organizations that take a proactive approach to cybersecurity are often in a much stronger position to reduce risk and prevent incidents before they occur.
For many businesses, partnering with a Managed Service Provider (MSP) can provide the expertise, tools, and monitoring needed to identify security gaps early and reduce the risk of a costly breach.
If you have questions about strengthening your organization’s cybersecurity posture, the Securus team is always here to help!
Stay safe, stay Securus!



