These aren't hypothetical scenarios. These are real organizations that were breached, and the human element played a role in every single one.
Canvas and Instructure: ShinyHunters
The hacking group ShinyHunters breached the Canvas learning management system twice in two weeks, exposing data from 275 million users across 9,000 schools worldwide. Ransom was paid. Congress launched an investigation. North Carolina schools were directly impacted, including Wake County and Durham Public Schools.
CNN · WRAL · The Register · May 2026
2024
Change Healthcare: Ransomware Attack
A single set of stolen credentials gave attackers access to the largest healthcare payment processor in the US. 190 million patient records were exposed, $22 million in ransom was paid, and pharmacies across the country could not process prescriptions for weeks. The largest healthcare breach in US history.
HHS · US Senate Hearing · 2024
2024
AT&T: One Stolen Credential, 109 Million Accounts
Call and text records for nearly 109 million AT&T customer accounts were stolen through a single compromised cloud credential. No sophisticated exploit. No zero-day. Just one exposed password and a threat actor who knew how to use it. The company later paid a hacker $370,000 to delete the stolen data.
AT&T SEC Filing · FCC · Wired · 2024
2024 to 2025
PowerSchool: Ransom Paid, Data Leaked Anyway
A breach of the PowerSchool student information system exposed data on 62 million students and 9.5 million teachers across North America. A ransom was paid to prevent the data from being released, and it was leaked anyway. Multiple school districts are now facing follow-on extortion demands.
PowerSchool · TechCrunch · 2025