MADISON, Wis. – In early May 2026, the popular learning management system Canvas was affected by a cyberattack and data breach. Following the incident, many users are unsure what they should do next. When a consumer’s data is involved in a large-scale breach, it can be difficult to know who accessed it and whether that person or group retained any of it. Because of these uncertainties, it is important for consumers affected by a data breach to take immediate action to protect their accounts, secure their identity, and prevent scams.
Protect Your Accounts
After a cyberattack or data breach, consumers should change their passwords – not only for the account directly impacted by the breach, but also for all other accounts that use the same password. Repeated passwords are a vulnerability because if bad actors learn one account’s password, they can gain access to numerous accounts owned by that user. To add an extra layer of security, consumers should use multi-factor authentication for any accounts that offer it.
Secure Your Identity
Consumers should place a security freeze on their credit report. A security freeze requires creditors to obtain the consumer’s authorization before any new loans, credit cards, or other forms of credit can be extended in their name. Placing a security freeze is free and gives a consumer more control over their credit report, as they can temporarily lift it as credit is needed or remove it if they desire. Also, parents and legal guardians can – and should – place a security freeze on the credit reports of their children or other protected individuals. Place a security freeze by directly contacting the three major credit reporting agencies: Equifax, Experian, and TransUnion.
Consumers can also place a free fraud alert on their credit report. By contacting any one of the three major credit reporting agencies, a consumer can request that their credit file be flagged with a statement that says they may be a victim of fraud or identity theft. This requires creditors to take additional steps to verify a consumer’s identity before extending credit, but it does not stop credit from being extended.
Following a data breach, consumers should monitor their credit and online accounts to catch any warning signs of fraud early. Time is of the essence when responding to identity theft. Consumers can access free, weekly credit reports online at AnnualCreditReport.com.
Prevent Scams
When major cyberattacks strike, scammers often
follow. They take advantage of confusion and uncertainty by impersonating a
legitimate organization. This might include the company that was breached, a
law firm representing consumers impacted by the breach, a government or law
enforcement agency, or a tech support service. Posing as a trustworthy source
but intending to scare consumers, scammers send emails and texts claiming that the
consumer needs to provide their personal information in order to protect themselves
or their data. Consumers should avoid opening links or attachments in
unsolicited messages that claim they were impacted by a data breach.
What Comes Next?
Consumers who experience identity theft or a scam related to a data breach should file a complaint with DATCP. For more information and consumer protection resources, or to file a complaint, visit DATCP's Consumer Protection webpage at ConsumerProtection.wi.gov. DATCP's Consumer Protection Hotline can be contacted at (800) 422-7128 or DATCPHotline@wisconsin.gov.
###
Find more DATCP news in our newsroom, on Facebook, X, and Instagram.