Data breach in Canvas – what has happened

Previous information

Update 8 May, 6:30 PM Due to attacks on Canvas, integrations between Canvas and other systems have been temporarily disabled as a security measure.

Canvas remains open, but with some limited functionality. If any member of staff or student at Mid Sweden University is contacted directly by the threat actor, or via a third party, the Police advise that we do not respond.

In such cases, please contact itsupport@miun.se.

Update May 8 at 09:40: Due to new attacks targeting Canvas, integrations between Canvas and other systems have been temporarily disabled as a security measure. This includes integrations within Canvas.

The shutdown means that integrations between Canvas and other systems are currently unavailable, including connections to, for example, Ladok, Kaltura/MiunPlay, Inspera Originality (IO), and Zoom.

This means that:

• Videos stored in Kaltura/MiunPlay cannot be displayed or embedded.
• Zoom meetings cannot be created or managed within Canvas (however, Zoom can still be used independently).
• Results cannot be automatically synchronized from Canvas to Ladok.
• Changes made in Ladok, such as registrations or the creation of courses or course responsibility assignments, do not take effect immediately in Canvas. These changes are instead placed in a queue and will be processed once the integration can be re-enabled.

Canvas remains operational, but with limited functionality while the integrations are disabled.

The new attack has not resulted in any Ladok data being hacked or compromised.

Work is ongoing to manage the situation and restore functionality in a secure manner. Updated information will be published continuously.

Information from May 7, 16:00

In late April, Canvas was affected by a cyber attack targeting the service provider. Personal data has been exposed, and we are one of the affected higher education institutions. The incident is still under investigation, and the University has implemented several measures to strengthen security.

What happened?

On 25 April 2026, Instructure was subjected to a cyber attack in which an external actor exploited a vulnerability in a system provided by the vendor. The attack was detected on 29 April, at which point the identified access was immediately revoked. Instructure publicly disclosed the incident on 2 May.

Has Mid Sweden University been affected?

As a result of the breach, a large international hacker group gained access to personal data such as names, email addresses and content from private messages. It has been confirmed that Mid Sweden University was among the affected institutions.

Mid Sweden University has submitted a notification to the Swedish Authority for Privacy Protection (IMY).

In addition to updating information provided to staff and students, we have also implemented measures to enhance security for system administrators.

The data breach is still being investigated by the vendor in collaboration with several parties, including Sunet. Mid Sweden University is also participating in a small coordinating group with representatives from several higher education institutions that continues to monitor developments related to the incident.

Canvas is a central part of the University’s educational operations, and the system remains in service. At present, there are no recommendations for specific actions for users, other than exercising caution regarding the information shared in private messages within the platform, being vigilant about suspicious emails or other contact attempts, and not sharing login credentials.

Mid Sweden University takes this incident very seriously and will update the information as soon as new and confirmed details become available.