Mountain Home School District Data Breach Lawsuit Investigation
Received a May 2026 breach notice from Mountain Home School District?
Dapeer Law, P.A. is investigating a potential class action against Mountain Home School District 193, an Idaho-based public K-12 school district, on behalf of students, parents, guardians, staff, and other Canvas users whose personal information may have been exposed in the May 2026 cyber incident affecting the District's Canvas Learning Management System account.
Who may qualify
You may be eligible to participate in a class action if any of the following applies:
- You received a data breach notification letter from Mountain Home School District dated May 2026.
- You are a current or former Mountain Home School District student, parent, guardian, employee, or other Canvas account holder whose information may have been on the platform during the period of unauthorized access.
- You had personal information held by Mountain Home School District through its Canvas Learning Management System account, which is operated by the third-party vendor Instructure.
- No proof of harm required to consult with counsel. You do not need to have already suffered identity theft to explore your legal options.
- Excluded: individuals who did not receive a breach notice and whose information was not involved in the incident.
Not sure if you qualify?
Send us your notice, we'll confirm your eligibility at no cost.
What happened
On May 2, 2026, Instructure, the third-party vendor that operates the Canvas Learning Management System used by Mountain Home School District 193, alerted the District that an unauthorized actor had gained access to certain user data housed in Instructure's cloud environment. According to the notice the District later filed with the Idaho Attorney General, Instructure rotated security keys, revoked compromised credentials, remediated the underlying vulnerability, and notified the FBI, CISA, and international law-enforcement partners.
After verifying the incident, the District filed a formal breach notice with the Idaho Attorney General on May 7, 2026, roughly five days after Instructure's initial alert. Instructure's preliminary investigation indicates the attacker accessed user names and email addresses, student ID numbers, and private messages exchanged within the Canvas platform. The District has not publicly disclosed the total number of individuals affected, and the notice does not announce any complimentary credit-monitoring or identity-protection service.
Although the disclosed data categories do not include Social Security numbers or financial account information, names combined with student IDs, school email addresses, and the contents of private Canvas messages can fuel highly targeted phishing and social-engineering campaigns. Notice recipients should remain alert to unsolicited messages referencing their Mountain Home School District student record, Canvas login, school email, or any topics that previously appeared in their Canvas conversations.
What to do if you received a letter
Keep your notice letter
Do not discard your Mountain Home School District breach notice. The letter documents the categories of information the District says were involved and serves as important evidence if you decide to participate in a class action.
Monitor your school email and Canvas account
Because the District's notice does not include complimentary credit monitoring, watch for phishing emails sent to your school or personal address, unfamiliar login alerts on Canvas, and unusual activity on any account that shares your student ID or school email. Save copies of any suspicious messages, as these records may support a future claim.
Place a fraud alert or credit freeze
Contact Equifax, Experian, and TransUnion to place a fraud alert or freeze on your file. Request a free weekly credit report from AnnualCreditReport.com, and use the FTC's IdentityTheft.gov recovery guide. For K-12 cases, also watch for fraudulent messages claiming to come from school administrators, the registrar's office, IT support, or third-party education vendors, and review past Canvas private messages for any sensitive details that could be reused against you.
Speak with a data breach attorney
Consultations with Dapeer Law are free and confidential. We'll review your Mountain Home School District notice, explain your options, and advise whether you may be eligible to join a class action.
Submit your notice for a free review
Two minutes online. A licensed attorney reviews every submission.
Breach timeline
Compensation you may be entitled to
Out-of-pocket expenses
Credit freezes, identity restoration services, and other costs incurred responding to the breach.
Time spent monitoring
Hours spent reviewing accounts, disputing fraudulent charges, and dealing with identity theft issues.
Identity theft & fraud losses
Unreimbursed funds stolen from accounts, unauthorized credit lines, or tax refund fraud tied to the breach.
Statutory damages
Certain state data breach and consumer protection statutes provide for fixed damages regardless of actual loss.
Injunctive relief
Court orders requiring Mountain Home School District and its Canvas vendor to implement stronger data security practices going forward, including additional access controls, more rigorous vendor oversight, and faster notification timelines.
Compensation categories depend on applicable state law, the types of data exposed, and documented losses. No recovery is guaranteed.
Common questions
I received a data breach letter from Mountain Home School District. What should I do? +
Keep your Mountain Home School District notice letter, change your Canvas and school email passwords, enable Multi-Factor Authentication where available, stay alert for phishing emails sent to addresses tied to your student ID or school account, document any time or money you spend responding to the breach, and consider speaking with a data breach attorney. Because the District's notice does not offer complimentary credit monitoring, you may also wish to place a free fraud alert with the three major credit bureaus.
Am I eligible to join a class action against Mountain Home School District? +
Anyone who received a Mountain Home School District breach notice, or whose information was stored in the District's Canvas Learning Management System during the period of unauthorized access, is a likely candidate. Eligibility for any future class action will also depend on your state of residence, the categories of your data that were involved, and any documented losses or out-of-pocket expenses.
How much money could I receive from a class action lawsuit? +
Data breach class action recoveries vary significantly. Settlements typically range from a few hundred dollars for basic out-of-pocket losses to several thousand dollars for documented identity theft, with class size, damages, and negotiation all affecting the final amount. No payout is guaranteed, and this investigation has not yet resulted in a settlement.
What personal information was exposed in the breach? +
The District's public notice identifies user names and email addresses, student ID numbers, and private messages exchanged within the Canvas platform as the categories of information that may have been involved. Your individual letter is the most reliable source for what was associated with your account, so we recommend reviewing it carefully and saving a copy.
Did Mountain Home School District offer free credit monitoring? +
No. The Mountain Home School District breach notice does not announce any complimentary credit-monitoring or identity-protection service at this time. If credit monitoring is added later, this page will be updated.
How many people were affected by the Mountain Home School District breach? +
Mountain Home School District has not publicly disclosed how many individuals were affected. The Idaho Attorney General filing referenced above does not include a total count, and this page will be updated as more information becomes available.
Is there a deadline to take legal action? +
Yes. Statutes of limitations for data breach claims vary by state and legal theory, typically ranging from one to six years. Waiting can permanently bar your claim. Contact us as soon as possible for a free evaluation.
How do I get a copy of the official breach notice? +
The breach notice Mountain Home School District submitted to the Idaho Attorney General is available on the Idaho AG's website at the link in the Sources & References section below. If you cannot locate your individual letter, Dapeer Law can help you obtain a copy as part of a free consultation.
Sources & references
- Official breach notice filing · Idaho Attorney General, Mountain Home School District Data Breach Notice (PDF)
- Company · Mountain Home School District 193 (mtnhome.k12.id.us)
- Credit bureau freezes · Equifax · Experian · TransUnion
- Free weekly credit reports · AnnualCreditReport.com
- Identity theft recovery guide · FTC IdentityTheft.gov
Don't let the deadline decide for you. Submit your claim today.
You only have a limited window to act. Our team will review your notice, explain your options, and tell you whether you may be eligible to recover compensation, at no cost to you.
