Data breach in the Canvas learning platform
Further information regarding this incident will be published as a staff and student news item.
Earlier versions of the message
-
Data breach in the Canvas learning platform
Impact on Inspera Originality (IO)
In connection with the data breach in Canvas, the integration between Canvas and Inspera Originality (IO) has also been affected.
Due to security measures implemented in Canvas, the connection to Inspera Originality (IO) is currently not fully operational. This may result in text matching not being carried out as expected for certain student submissions made via Canvas.
Work is ongoing to restore the functionality. Once the necessary updates have been completed, text matching will function as normal again.
-
Data breach in the Canvas learning platform
What has happened?
On 2 May, Canvas was affected by a data breach, resulting in the exposure of data such as names, email addresses and private messages.
It has been confirmed that Mid Sweden University (Mittuniversitetet) is among the affected higher education institutions.
At present, there are no indications that passwords, dates of birth, national identification numbers or financial information have been compromised.
What happens next?
The incident is being investigated by the supplier in collaboration with several parties, including SUNET. Mid Sweden University is closely monitoring the situation and working together with the relevant stakeholders.
Mid Sweden University has submitted a personal data breach notification to the Swedish Authority for Privacy Protection (IMY).
Canvas is a central part of the university’s educational activities and the system remains operational. At this time, there are no recommended actions for users other than to exercise caution regarding the information shared in private messages within the platform.
Mid Sweden University takes this incident seriously and will update this operational information when new and verified information becomes available.
Global hacker attack
Instructure, the company behind Canvas, has confirmed that personal data such as names, email addresses and the contents of private messages (Canvas inbox) have been exposed.
An estimated 275 million users are believed to have been affected by the breach.
The extortion group ShinyHunters has claimed responsibility and states that it has obtained 3.65 terabytes of data.
-
Security incident in Canvas
Continued dialogue is ongoing with Sunet and the supplier regarding the incident. Canvas is operating as normal.
We will provide an update when we receive more information.
-
Security incident in Canvas
On 2 May, a security incident occurred in the learning platform Canvas. In some cases, users’ names, e‑mail addresses and direct messages in Canvas may have been affected.
We are currently investigating whether this impacts students or staff at our institution. At present, there is no confirmed information indicating that our Canvas users have been affected.
We are monitoring the situation closely, are in close contact with the supplier, and will provide an update as soon as more information is available.