What colleges must learn now from the Canvas cyberattack - Steven W. Teppler and Carly Rothstein, University Business

The incident highlights a challenge many institutions have yet to fully confront: cybersecurity accountability does not disappear simply because data resides within a vendor-managed environment. Modern learning management platforms are now institutional environments containing years of communications, uploads, archived coursework, student interactions, advising discussions, accommodation-related exchanges, and operational records. The lesson is that universities now face a form of distributed digital liability in which institutional risk extends well beyond campus boundaries. Data may reside with third-party vendors, cloud providers, integrations, faculty-created repositories, archived course environments, and decentralized academic systems with limited visibility into what information remains accessible, retained, or duplicated.

https://universitybusiness.com/what-colleges-must-learn-now-from-the-canvas-cyberattack/