Data breach in Canvas – what has happened
In late April, Canvas was affected by a cyber attack targeting the service provider. Personal data has been exposed, and we are one of the affected higher education institutions. The incident is still under investigation, and the University has implemented several measures to strengthen security.
What happened?
On 25 April 2026, Instructure was subjected to a cyber attack in which an external actor exploited a vulnerability in a system provided by the vendor. The attack was detected on 29 April, at which point the identified access was immediately revoked. Instructure publicly disclosed the incident on 2 May.
Has Mid Sweden University been affected?
As a result of the breach, a large international hacker group gained access to personal data such as names, email addresses and content from private messages. It has been confirmed that Mid Sweden University was among the affected institutions.
Mid Sweden University has submitted a notification to the Swedish Authority for Privacy Protection (IMY).
In addition to updating information provided to staff and students, we have also implemented measures to enhance security for system administrators.
The data breach is still being investigated by the vendor in collaboration with several parties, including Sunet. Mid Sweden University is also participating in a small coordinating group with representatives from several higher education institutions that continues to monitor developments related to the incident.
Canvas is a central part of the University’s educational operations, and the system remains in service. At present, there are no recommendations for specific actions for users, other than exercising caution regarding the information shared in private messages within the platform, being vigilant about suspicious emails or other contact attempts, and not sharing login credentials.
Mid Sweden University takes this incident very seriously and will update the information as soon as new and confirmed details become available.