The Login That Wasn’t

On the afternoon of May 7, 2026, a student at the University of Pennsylvania opened the Canvas tab they had been using to study for finals. The login screen had been replaced. A message sat on the page, signed by people whose names the student did not recognize, posted to what had been, for the entirety of an academic life, a benign and unexamined fixture. The signature was ShinyHunters, a criminal hacking collective that, in the previous fortnight, had breached the European Commission, exfiltrated data from Vimeo through a third party called Anodot, and seeded itself across the leak indices of Salesforce, Cisco, Apple, and Amazon. The note, briefly, told the student that the parent company Instructure had been hacked again, that their personal data was already loose in the world, and that the institution paying for their education had a deadline: negotiate with the hackers, or watch the dataset surface in full (Franceschi-Bicchierai, 2026).

The student closed the tab. The student had a final the next morning. The reading was in Canvas. The discussion thread where the professor had posted clarifying answers was in Canvas. The recorded lectures were in Canvas. The dashboard where they had been quietly tracking their grade was in Canvas. The messaging system they had used to ask the TA for an extension was in Canvas. There was, as a Penn undergraduate told CNN that afternoon, no other place to go (Maruf, 2026). The professors, scrambling, began posting materials to email and to private Google Drive folders. Multiple universities postponed exams. Several state K-12 networks severed their authentication portals from Canvas pending investigation, leaving teachers with no way to reach students whose only addressable identity had been a Canvas account (Wikipedia, 2026). The most striking artifact of the incident was the smallest one. At the moment of the global outage, Instructure’s own status page reported one hundred percent uptime (Wikipedia, 2026). The instrument that measured the system had been compromised by the same logic that produced both.

In 1992, Sneakers gave us Cosmo. Ben Kingsley playing a phreaker-turned-philosopher-king, delivering a monologue from a glass-walled office about a war the rest of us had not yet noticed was already on. The pitch, condensed: it is not about who has the most bullets, it is about who controls the information. The film wrapped the observation inside a thriller, with the obligatory MacGuffin in the form of a black box that factored primes and broke any cipher in the realm — Setec Astronomy, the cipher-eater, the algorithmic equivalent of a milled-edge press running in reverse. What got remembered, mostly, was the box. What Cosmo actually said, and what the screenwriters quietly diagrammed thirty-four years ago, was that the box was the cover story. You did not have to break the cipher if the institutions had already moved themselves inside the database.

That inference has come due. The Canvas hack is what it looks like in the wild. It is the same crime as coin-clipping, run against the silver penny’s distant cousin — the institutional record, whose value depends on the trust that backs it — and the move that worked the last time around is no longer on the table. Newton’s Recoinage of 1696, the milled edge, the silver beneath the king’s image: a metallurgical change to a unit of account, made possible because the metal still existed. The metal does not exist now. The institutions denominated in Canvas have, over the past fifteen years, transferred their substance into the platform that names them, and what ShinyHunters extracted is not a layer of the institution but the layer the institution has made itself. Digitization, in the shape it took, did not add redundancy. It compressed redundancy into a single tier with multiple logos, and brittleness in proportion. The criminal pattern is old. The architecture is the new part. What has thinned is the body from which any recovery would have to be made.

The Hammered Coin

To understand the historical analog, begin with the ordinary medieval silver penny. The penny was, by intention and by metallurgy, a thing whose value lived in two places at once, and could be attacked at the seam between them. On its face, the penny carried the king’s image, an iconographic warrant of authenticity that asserted royal sovereignty over the realm’s commerce. In its body, the penny was a quantity of silver, weighed at minting, stamped with the realm’s mark, and circulated as a unit of value derived from its bullion content. The two places were supposed to be the same. The face was meant to certify the body. In practice, the relationship between iconography and weight was held in tension by the technology of production. Hammered coins, struck by hand between two dies and then cut from a flan of silver, had irregular edges. The process did not produce a uniform circumference. A penny might come out of the mint slightly heavier than its neighbor, or slightly lighter, and that manufacturing variability was the precise gap that made fraud possible, and invisible.

Coin clipping took advantage of the gap. A clipper, working with shears and patience, could shave a sliver from the edge of a penny, accumulate the shavings over weeks, melt them into bullion, and pass the clipped coin into circulation at full face value. Each individual clip was small, undetectable in casual transactions, indistinguishable from the natural variability of hammered minting. Over time, the clippings amounted to fortunes. Across decades, they amounted to monetary collapse (Brewminate, 2025). By the late seventeenth century, the practice had become endemic in England. Newton himself, taking inventory of the coin called in for the Great Recoinage, estimated that twenty percent of the coin then in circulation was either clipped or counterfeit (Wikipedia, 2026b). In the surviving silver pennies of the period, archaeologists describe coins reduced to “crescent moons,” whose original silhouette had been entirely planed away (Royal Mint Museum, n.d.). The coin had become its own erasure.

The historical literature has long understood coin clipping as a class of crime created by a specific technology, and rendered tractable only by changes to that technology. Sargent and Velde’s The Big Problem of Small Change documents the centuries-long evolution of minting practice across Western Europe, describing how the metallurgical conditions of the hammered coin produced a stable equilibrium of low-grade fraud against which neither weighing nor royal proclamation could ultimately prevail (Sargent & Velde, 2002). Carlo Cipolla’s earlier work on the medieval Mediterranean coinage similarly described the persistent gap between the official and the actual content of small change as the structural fact that monetary authorities had to manage rather than eliminate (Cipolla, 1956). The crime arose from the technology. It would not yield to moral exhortation, royal violence, or even the brutal anti-Semitic scapegoating of 1278, in which Edward I arrested more than 1,178 Jews on charges of clipping and executed many of them in a state campaign whose primary motive was less monetary integrity than the seizure of bonded debts (Medievalists.net, 2025). The pattern matters. When authorities cannot solve a structural problem, they often choose victims they can punish in lieu of mechanisms they can change.

What finally changed the situation was a metallurgical innovation. The milled edge, an edge cut and reeded by mechanical press and carrying a continuous border of fine ridges or a raised legend, rendered clipping immediately visible. A clipped milled coin was missing its reeding. The absence was a signature. After the Great Recoinage of 1696, in which Newton, as Warden and then Master of the Royal Mint, organized a four-year operation that smelted most of England’s existing silver supply and reissued it in milled form, the technology of the coin itself became part of the verification system (The Royal Mint, n.d.). The crime did not vanish. It was made expensive enough, and visible enough, that the equilibrium shifted. The hammered penny was retired. The silver was recalled. The realm continued.

This is the part of the story that gets remembered for its hero. Newton at the Tower, prosecuting the master counterfeiter William Chaloner, organizing five hundred men at the Mint to work from four in the morning until midnight, six days a week, ratcheting the weekly output from fifteen thousand coins to fifty thousand, dispatching auxiliary mints to Bristol, Chester, Exeter, Norwich, and York (Coins and History Foundation, 2021). It is a satisfying story, and it has the additional satisfaction of presenting the past as a tractable problem. The realm had a crisis. The realm had a Newton. The crisis was solved. The story is true. It is also the part that does not transfer.

The Part That Does Not Transfer

What rarely gets emphasized in accounts of the Recoinage is the part of the historical situation that made the Recoinage possible at all. Three conditions held the seventeenth-century English economy together while its currency was being clipped to crescents, and each of them, today, has gone missing in a way the present moment has not yet adequately registered.

The first was that the silver still existed. When Newton called in the clipped coin, he was calling in metal. The bullion that had been shaved away was still in someone’s hands, melted into ingots in a clipper’s back room, but the bulk of the realm’s silver remained in circulation, had not been destroyed, and could be remelted and reissued. The coins were debased. The silver was not. A monetary crisis at the level of the unit of account did not imply the disappearance of the underlying value carrier. Recoinage was, in the literal sense, recoinage. There was something to coin again.

The second was that the economy was not exclusively monetary. Even in a period when coined money was the dominant medium of long-distance trade, daily life ran on multiple parallel systems of value. Barter persisted in agricultural communities. Local credit, recorded in tally sticks and merchants’ books, mediated transactions among people who knew one another. Foreign coin (Spanish reales, Dutch guilders, French écus) circulated freely in port cities and was often preferred for high-value transactions because of its more reliable metal content. The monetary system was, in the language now used for software architecture, polyglot. When the English silver penny lost its credibility, English commerce did not stop. It limped, suffered, complained loudly to Parliament, and continued to function on the redundant systems that had not been compromised (Allen, 2016).

The third was that institutional memory existed independently of the monetary unit. A merchant’s reputation, a guild’s records, a parish register, a manor court’s customary rolls: the social memory of seventeenth-century English commerce was distributed across paper, vellum, and the embodied knowledge of clerks, factors, and witnesses. The coin was the unit of denomination. The institution did not live inside the coin. When the coin was clipped, the institution did not lose its capacity to remember itself.

Each of those is what made Newton’s response sufficient. The Recoinage worked because there was metal to recoin, a redundant economy to absorb the upheaval, and an institutional memory that did not depend on the integrity of the coinage. Remove any of the three, and the historical solution becomes inapplicable. Remove all three, and the Recoinage becomes literally inconceivable, because there is nothing to which the operation could be applied.

This is not the situation of the institutions affected by the Instructure breach. The student data has been exfiltrated. It cannot be uncoined. The institution has no parallel record of attendance, grade history, communication, or course material that is not held in Canvas. The student’s transcript is, increasingly, a derivative of the gradebook. The gradebook is in Canvas. The syllabus is in Canvas. The recorded lecture, which is the only artifact of an instructor’s teaching that survives the term, is in Canvas. When Canvas falls, what is exposed is not a single tier of institutional infrastructure. It is the institution itself, reconceived as a tier of Canvas.

The Counter-Argument

The argument I am building can be accused of exaggeration, and the accusation, in its first form, has merit. The breach was contained. Canvas was restored to most users by the morning of May 8, 2026 (Time, 2026). Universities postponed exams, redirected coursework, distributed materials through email and Google Drive, and absorbed the interruption with the kind of operational pragmatism that universities have practiced since the printing press. The system, in this telling, was robust precisely because it failed gracefully. The platform went down. The institutions, drawing on the redundancy of their other digital tools, continued.

Narayanan and Kapoor make a strong version of this argument in AI Snake Oil, where they observe that the cybersecurity literature has long understood “defense in depth” as the principle that critical systems should be designed with multiple, heterogeneous layers, each requiring a different attack strategy to penetrate. On this view, “a relatively weak defender” can hold off “a much more well-resourced attacker,” provided that the layers are genuinely independent and the resources are adequate to maintain them (Narayanan & Kapoor, 2024). They note, accurately, that the cybersecurity industry has access to the same automated tools as the attackers and has, on balance, used them to harden systems faster than the attackers can erode them. The premise is not naive. It is the working architecture of every well-funded enterprise security program in the world.

A second counter-argument is cryptographic, and it has the additional benefit of being the very argument Sneakers set up to undermine. The medieval coin was vulnerable to clipping because verification of its authenticity required physical inspection (weighing, testing, biting) and physical inspection at scale was impossible. Modern systems do not require physical inspection. They require cryptographic signatures, which can be verified at scale, mathematically, by any party with the corresponding public key. In principle, a properly architected educational record, signed at issuance, could be re-verified by anyone, anywhere, indefinitely. The integrity of the record could outlive the integrity of the platform. Cryptography, on this view, is the milled edge of the digital era. A verification technology that makes alteration visible and refusal of forgery automatic.

These are serious arguments. The partial truth in each is why the breach has the contour it has, instead of the apocalyptic shape commentary sometimes wants to give it. Canvas did come back online. The data exfiltrated did not include passwords, dates of birth, government identifiers, or financial information; the disclosure tracked names, email addresses, student ID numbers, and the contents of internal messaging (Wikipedia, 2026). The institutions did respond, and the defenders did have depth. Read at the level of the immediate aftermath, the counter-argument is not wrong about what happened.

What the counter-argument misses is what the breach reveals about the architecture, rather than what it destroyed in the moment. Defense in depth, as a principle, requires depth. The depth of the system in question is the heterogeneity of the layers behind the platform, and that heterogeneity has, over the past fifteen years, been progressively flattened by the consolidation of educational technology into a small number of vendors. Canvas is the dominant learning management system in North American higher education, used by approximately forty-one percent of institutions, and is the standard K-12 platform in numerous American states (Wikipedia, 2026). Its principal competitors share the same SaaS architecture, the same cloud-vendor dependencies, the same reliance on third-party authentication providers, and, increasingly, the same pool of Salesforce instances and AWS regions (Hackread, 2026). The ShinyHunters operation has, over the past three years, demonstrated that the threat model is precisely the homogeneity of the layer beneath the logos. The same group breached Snowflake-adjacent customers in 2024, exfiltrated 560 million Ticketmaster records, took 110 million records from AT&T, and walked through Salesforce instances using OAuth abuse in 2025 (Wikipedia, 2026c). The depth that defense-in-depth requires has been compressed into a single tier with multiple logos.

The cryptographic counter-argument has a parallel weakness. The Instructure breach was not a cryptographic failure. The vulnerability that ShinyHunters exploited, the company has confirmed, was related to its Free-For-Teacher accounts and to a Salesforce instance operated by Instructure (Daily Security Review, 2026). The signatures held. The encryption held. What failed was the operational chain by which a vendor’s customer relationship management system was connected to the platform’s authentication and data layers, such that compromise of the periphery yielded access to the core. Cryptography does what cryptography does. It cannot remediate an architecture in which the boundaries of the trusted system extend to every connected partner of every vendor of every institution. The genealogy of the breach (Trivy, the open-source vulnerability scanner; Anodot, the analytics partner; Instructure’s own Salesforce instance) is the genealogy of a foundation that has dissolved into a network of mutual dependencies, each presented to the institution as the platform but in fact the platform’s exposure surface.

The short version is that the counter-arguments are correct about what cryptography can do and what defense-in-depth can do, but those mechanisms protect a layer of the system that is not the layer where institutional substance now lives. The institutional substance has migrated downward into the vendor relationship itself, and the vendor relationship is the part with no fallback.

Schools That Limp Versus Schools That Stop

Consider, by way of contrast, how a comparable institutional crisis would have looked in the late seventeenth-century English commercial economy that Newton inherited. Suppose a major merchant of the period had his strongbox stolen and the contents (clipped pennies, foreign coin, a few promissory notes) dispersed. The merchant would lose value, certainly, and the loss would be serious. But the merchant’s business would not stop. His relationships with his factors in Antwerp, his apprentices in London, his customers in the country, his banker, his guild, his parish: all of these were carried in correspondence, in his books, in the ledgers of the people he transacted with, and in the embodied memory of the people he had worked with for years. The strongbox was a unit of his wealth. It was not the architecture of his commercial life. Even total loss of the strongbox did not entail total loss of the commerce.

Now consider a present-day university experiencing the Instructure breach during finals week. The student’s coursework is in Canvas. The professor’s gradebook is in Canvas. The TA’s communication with the student is in Canvas. The recorded lecture, which has substantively replaced the in-person lecture for many courses since 2020, is in Canvas. The library reserves are accessed through links in Canvas. The proctoring software for online exams is integrated with Canvas. The third-party homework systems used in introductory STEM courses are linked to Canvas through LTI integrations. The student’s institutional identity is mediated, for most practical purposes, by their Canvas login. When Canvas goes down, the strongbox is empty, the books are gone, the correspondence is unreachable, the apprentices cannot be located, and the parish has been outsourced to a third party that is currently in maintenance mode.

That is the disappearance of fallback. The modern institution has email, paper, hallways, classrooms, and faculty with personal phone numbers. What it does not have is fifteen years of operational practice that does not run through the platform. The institution has spent that decade and a half migrating its operational substance into the platform under the assumption that the platform was an instrument rather than a constitutive layer. The migration was rational at every step, because the platform was useful and because the cost of maintaining a parallel non-platform record was real. The aggregate of those rational steps is an institutional architecture in which the platform is not a tool but a tier. When the tier fails, the architecture fails with it, and the recovery options are bounded by the vendor’s incident response timeline rather than by the institution’s own capacity to remember itself.

The Canvas breach is, in that frame, a coin-clipping crime. ShinyHunters did not destroy Instructure. They extracted small slices of value (3.65 terabytes across 275 million records, on their own claim (Wikipedia, 2026c)) from a system in which the slicing was operationally invisible until it was disclosed. The hammered penny did not know it had been clipped. The platform did not know it had been compromised. The clip and the breach are the same operation. An extraction made possible by the technology of the unit, repeated at scale, undetectable individually, and corrosive in aggregate.

The recovery is the part that differs. Newton could recall the silver. There is nothing for the universities to recall. The data is in the leak indices already. The trust the data underwrote cannot be reissued by any operational decision Instructure makes. The Salesforce instance can be patched. The Free-For-Teacher accounts can be retired. The affected institutions can be notified. The third-party forensic firm can complete its investigation. At the end of all that remediation, the data will still be in the world. The clip cannot be uncoined.

What Was Underneath

Newton had silver. The Instructure-dependent university has nothing equivalent. The educational record has been digitized, and digitization, as practiced, has consisted of moving the institutional memory off the institution and into the vendor. The silver of the institution is the trust of its credentialing function, the integrity of its student record, the durability of its faculty’s teaching artifacts, and the privacy of its students’ communication. None of those is held in any place other than the platform. There is no auxiliary mint. There is no reeded edge. There is no Bristol, Chester, Exeter, Norwich, or York to which the operation can be moved while the Tower is being repaired.

The absence is not, primarily, a security failure. The platform operators have, by industry standards, reasonable security practices, third-party forensic relationships, and a posture of compliance with the regulatory frameworks that govern educational data. The absence is architectural rather than operational. What is missing is a layer beneath the platform in which the institution maintains the material substance of itself. The medieval merchant’s books were not more secure than Canvas. They were less secure. They could be burned, lost in shipwrecks, falsified by dishonest factors, or destroyed in a single fire. What they were was redundant. There was the merchant’s copy, the factor’s copy, the customer’s copy, the parish’s record, and the embodied memory of the people who had been parties to the transactions. Burn one, and the others remained. Compromise one, and the network of cross-references made the compromise visible.

The contemporary educational institution has a single copy. It is held by the vendor, replicated across the vendor’s infrastructure, and presented to the institution as a service. The infrastructure is more robust than any single ledger book. It is also less plural. Yampolskiy, surveying the brittleness problem across computational systems, draws on a body of scholarship in information technology that observes how controllability can be maintained at the microscale of individual artifacts but dissipates at the macroscale of networked interactions, where causality is lost and unintended consequences accrete faster than human decision-making can register them (Yampolskiy, 2024). The local case here is that the ensemble of the institution’s daily operational dependencies has migrated into a vendor whose own dependencies are themselves opaque: on AWS regions, on Salesforce instances, on Snowflake warehouses, on third-party analytics partners with names like Anodot, on open-source vulnerability scanners like Trivy, and on the integrity of every credential issued anywhere in that supply chain (Hackread, 2026).

The historical analogy has one more move in it that the news cycle obscures. The Great Recoinage of 1696 did not solve coin clipping by improving the moral character of the population. It solved coin clipping by making the unit of value harder to alter, and by providing a mechanism for replacing the corrupted units with new ones. The institutional response to the Canvas breach has, so far, taken the opposite shape. It has consisted of strengthening the moral and contractual posture toward the vendor, of demanding faster disclosure, of asking for clearer security practices, and (in a few cases) of severing the connection between the institution’s authentication portal and the vendor pending investigation (Rutgers University, 2026). What it has not consisted of is any architectural reform that would restore something beneath the platform. The institutions are demanding better behavior from Instructure. They are not, for the most part, building a layer of institutional memory that would be intact when the next vendor breach occurs.

The medieval response to coin clipping included royal violence, scapegoating of religious minorities, capital punishment, and three centuries of largely ineffective enforcement, before it finally consisted of a metallurgical change to the unit itself. The contemporary response to platform breaches is at the early stage of the corresponding cycle: scapegoating of the immediate vendor, demands for stronger enforcement against the criminal group, threats of regulatory action in some jurisdictions, and the universities’ own carefully neutral statements framing the breach as an interruption rather than the structural revelation it is. The metallurgical change has not yet been imagined, partly because the equivalent of the milled edge today is not a feature of the vendor’s product but a feature of the institution’s own architecture, and the institution has spent fifteen years systematically dismantling the architectural conditions that would make such a feature possible.

The Vendor as Specie

The headline TheNextWeb ran with the breach made the structural observation more sharply than most commentary: “The largest education data breach in history was not an attack on a school. It was an attack on a vendor” (Stan, 2026). The wording is precise. The breach is described as an attack on a vendor because the institutions, in their operational substance, have become indistinguishable from the vendor. The vendor is the specie. The institution is the denomination on its face.

The colonial cartographer’s map and the Domesday Book share, with the Canvas database, a single common feature: each is an instrument that came to be, over time, mistaken for the territory it described. The Domesday survey of 1086 was originally a fiscal document, a record of holdings sufficient to assess tax. Within decades it had become the legal foundation for property claims that would not have existed without the document. The map became the territory because the institutions of land tenure restructured themselves around what was recorded. The Canvas record is on its way to becoming the equivalent for the educational career. The grade is a record in Canvas. The course is a course in Canvas. The student, increasingly, is a row in Canvas’s database, and the row’s contents are what the institution issues credentials against.

Here is the part the analogy stops being able to bridge. Coin clipping was a crime against a unit of value that had silver underneath. The metal could be recovered, melted, and reissued, because the metal continued to exist independently of the abuse to which it had been subjected. The Canvas breach is a crime against a unit of value that has, beneath it, no second layer at all. The institutional records the platform holds are the only systematic instance of those records. The crime cannot be unwound by smelting. There is no metal. The realm cannot be recoined. The realm has dissolved into the units of account.

The platform should exist. What should not exist is an institutional architecture that has been allowed to thin to a single tier without the corresponding development of the redundant systems that historically have made institutional life resilient to crime. The medieval merchant’s reputation was carried in his correspondence, his guild, his factors, and his ledgers, none of which were the same system. The contemporary university’s institutional memory is carried in its LMS, its student information system (often Workday or Banner, with its own vendor exposures), its identity provider (often Okta or Microsoft, with its own breach history), and its email system (often Google or Microsoft, with its own dependencies on the same cloud providers as the LMS). The plurality is nominal. The floor is one floor. The defense in depth is a description of marketing categories, dressed up as architecture.

What Newton could recall was something. What Instructure can remediate is the platform’s operational integrity. Those are not equivalent operations, and the difference between them is the difference between an institution that retains a body and an institution that has rented one. The Recoinage worked because England, in 1696, was still a place that ran on silver, on parish, on letter, and on guild, with the coinage as one of several mediums and not the medium itself. The institutions clipped by ShinyHunters in 2026 are not in that situation. They have, over the course of a decade and a half, made the platform the medium of their operation, and the platform has, accordingly, become the surface across which the clipping occurs.

A clipped coin still had silver in it. A breached Canvas account does not have an institution in it. The institution is what is supposed to be on the other side of the credential, and the credential, as the breach has demonstrated, is now a row in a database held by a third party whose own dependencies extend beyond the institution’s awareness or control. The trust the credential underwrites cannot be reissued by patching the platform, because the institution has no separate record from which to reissue it. The institution is the platform’s downstream reflection. The platform has been clipped.

In 1696, the coin was clipped and the realm was preserved. In 2026, the platform is breached and the institution is the part that has been clipped, because the institution’s substance has migrated into the platform. Newton’s response was conservative restoration. Bring the silver back to the Tower. Mill the edges. Reissue the coinage. The response now available to the affected universities is, by comparison, attenuated. They can wait for the vendor to patch. They can change the locks on a credential system that has already been compromised. They can hope that the deadline ShinyHunters has issued passes without further disclosure, and that the data already in the leak indices does not surface beyond the criminal markets where it is presumably being traded already.

What is foreclosed is the move that made Newton’s response sufficient. There is no silver to recall, because the institutions have built themselves on a substance that does not exist except in the platform. The coin clipping has, in the cloud, become the only operation the architecture admits, because the architecture has retired the metal in the name of a convenience that, in the fullness of time, will be measured against the cost of the convenience itself.

The student who closed the Canvas tab on May 7, 2026, did not return to a different system. The student returned to email, to Google Drive, to a TA’s personal phone number, to whatever ad-hoc redundancy the professor had cobbled together in the previous six hours. The institution will recover. The data will not. That ratio is what the comparison with Newton finally renders visible, and it is unfavorable in a way the news cycle, fixated on uptime and remediation, has no instrument to read. The platform came back online by Friday morning. The institution, in the deeper sense in which the institution is its memory of itself, is not online and is not coming back online. The operation by which it would do so has not yet been imagined. The metal on which such an operation would draw was retired, over the past decade and a half, in the name of a convenience the present moment is in the middle of pricing.

References

Allen, M. (2016). Currency depreciation and debasement in medieval Europe. In D. Fox & W. Ernst (Eds.), Money in the Western legal tradition: Middle Ages to Bretton Woods. Oxford University Press. https://academic.oup.com/book/8347/chapter/154006824

Brewminate. (2025, July 3). Coin clipping rings and monetary fraud in the medieval era. https://brewminate.com/coin-clipping-rings-and-monetary-fraud-in-the-medieval-era/

Cipolla, C. M. (1956). Money, prices, and civilization in the Mediterranean world: Fifth to seventeenth century. Princeton University Press. https://www.fulcrum.org/concern/monographs/qf85nb97k

Coins and History Foundation. (2021, April 30). Sir Isaac Newton: Warden of the Mint. https://coinsandhistoryfoundation.org/2021/04/30/sir-isaac-newton-warden-of-the-mint/

Daily Security Review. (2026, May 5). 275 million students’ records allegedly stolen in Canvas breach. https://dailysecurityreview.com/cyber-security/275-million-students-records-allegedly-stolen-in-canvas-breach/

Stan, A. M. (2026, May 7). The largest education data breach in history was not an attack on a school. It was an attack on a vendor. The Next Web. https://thenextweb.com/news/the-largest-education-data-breach-in-history-was-not-an-attack-on-a-school-it-was-an-attack-on-a-vendor

Franceschi-Bicchierai, L. (2026, May 7). Hackers deface school login pages after claiming another Instructure hack. TechCrunch. https://techcrunch.com/2026/05/07/hackers-deface-school-login-pages-after-claiming-another-instructure-hack/

Hackread. (2026, May 6). ShinyHunters’ Instructure Canvas LMS and Vimeo breaches impact millions of users. https://hackread.com/shinyhunters-instructure-canvas-lms-vimeo-data-breach/

Wikipedia. (2026c). ShinyHunters. Retrieved May 8, 2026, from https://en.wikipedia.org/wiki/ShinyHunters

Maruf, R. (2026, May 8). Canvas hack: What we know about apparent cyberattack that impacted thousands of schools. CNN. https://www.cnn.com/2026/05/07/us/canvas-hack-strands-college-students-finals-week

Medievalists.net. (2025, November 15). Medieval England’s coin-clipping scandal: The 1279 mass execution of Jews. https://www.medievalists.net/2025/11/medieval-england-coin-clipping-scandal/

Narayanan, A., & Kapoor, S. (2024). AI snake oil: What artificial intelligence can do, what it can’t, and how to tell the difference. Princeton University Press.

The Royal Mint. (n.d.). Sir Isaac Newton and the Royal Mint. Retrieved May 8, 2026, from https://www.royalmint.com/stories/commemorate/sir-isaac-newton-and-the-royal-mint/

Royal Mint Museum. (n.d.). Isaac Newton, Warden and Master of the Royal Mint 1696-1727. Retrieved May 8, 2026, from https://www.royalmintmuseum.org.uk/journal/people/isaac-newton/

Rutgers University. (2026, May 4). Nationwide security breach involving Canvas. Office of Information Technology. https://it.rutgers.edu/alerts/2026/05/04/nationwide-security-breach-involving-canvas/

Sargent, T. J., & Velde, F. R. (2002). The big problem of small change. Princeton University Press. https://press.princeton.edu/books/paperback/9780691116358/the-big-problem-of-small-change

Time. (2026, May 8). What to know about the Canvas cyberattack that’s affected thousands of schools. https://time.com/article/2026/05/08/canvas-cyber-attack-shinyhunters-hack-what-to-know/

Wikipedia. (2026). 2026 Canvas security incident. Retrieved May 8, 2026, from https://en.wikipedia.org/wiki/2026_Canvas_security_incident

Wikipedia. (2026b). Isaac Newton. Retrieved May 8, 2026, from https://en.wikipedia.org/wiki/Isaac_Newton

Yampolskiy, R. V. (2024). AI: Unexplainable, unpredictable, uncontrollable. Chapman and Hall/CRC. https://www.routledge.com/AI-Unexplainable-Unpredictable-Uncontrollable/Yampolskiy/p/book/9781032576268