The Data Breach Brief: Week of May 13th, 2026

The following data breaches have been announced this week—make sure you’re in the know.

If you received a data breach notice regarding any of the breaches listed below, act now and take Morgan & Morgan’s data breach quiz to see if you may be eligible for compensation.

Canvas (Instructure)

Canvas, the widely used learning management system operated by Instructure, suffered a cyberattack and data breach in or around May 2026, resulting in student and teacher data being accessed or acquired without authorization. The breach has been linked to the ShinyHunters hacking group and may have impacted educational institutions across the country. The types of sensitive data that may have been exposed in the breach included:

• Names
• Email addresses
• Usernames
• Passwords (potentially encrypted)
• Educational records and account data

Medtronic

Medtronic experienced a data breach on April 18, 2026, that may have resulted in unauthorized access to sensitive personal and health-related information. The incident is believed to have impacted nearly 9 million records connected to its services and systems. The types of sensitive data that may have been exposed in the breach included:

• Names
• Contact information
• Medical information
• Health insurance details
• Device or treatment-related data

Heritage Bank

Heritage Bank suffered a data breach on or around March 2, 2026, that resulted in personal and financial information being accessed or acquired without authorization. The types of sensitive data that may have been exposed in the breach included:

• Full names
• Addresses
• Financial account information
• Social Security numbers
• Dates of birth
• Taxpayer identification numbers

Mt. Spokane Pediatrics

Mt. Spokane Pediatrics experienced a data breach on January 1, 2026, that compromised sensitive patient information. The breach may have impacted individuals who received care through the practice. The types of sensitive data that may have been exposed in the breach included:

• Names
• Dates of birth
• Medical information
• Health insurance information
• Contact information

Sprouse Shrader Smith Law Firm

Sprouse Shrader Smith suffered a data breach on or around February 25, 2026, that resulted in unauthorized access to sensitive client and employee information. The incident may have exposed confidential legal and personal data of over 17,000 individuals. The types of sensitive data that may have been exposed in the breach included:

• Address
• Date of Birth
• Driver’s License/State ID Number
• Governmental Identification Number
• Social Security Number
• Financial Account Numbers
• Payment Card Numbers
• Taxpayer ID Number
• Health Insurance Policy Number
• Medical Information

Markovits, Stock & DeMarco, LLC

Markovits, Stock & DeMarco, LLC experienced a data breach between January 29, 2026, and February 3, 2026, when an unauthorized party accessed and copied sensitive personal information tied to individuals associated with union-related matters. The breach is under investigation and may impact a significant number of individuals. The types of sensitive data that may have been exposed in the breach included:

• Full names
• Social Security numbers
• Addresses
• Union membership information
• Employment-related data

If you or a loved one were affected by any of these data breaches, you may be entitled to compensation. Find out more in minutes with our online data breach quiz.