Information About the Data Breach Affecting the Canvas Learning Platform

The Canvas provider Instructure has been affected by a security incident impacting several higher education institutions, including the University of Gävle. The incident concerns data stored in Canvas. The data breach has been reported to the Swedish Authority for Privacy Protection (IMY), and a police investigation is underway.

The information that may have been exposed includes names, email addresses, and internal messages within the Canvas learning platform. There are indications that personal identity numbers may be included in the affected data, but this has not been confirmed.

The University is monitoring the situation together with the provider, who is responsible for investigating the scope and underlying causes of the incident.

“We take this incident very seriously and are closely monitoring the situation together with the relevant parties,” says Jan Nordin, IT Manager at the University of Gävle.

There are no signs that the University’s other IT systems have been affected.

“At present, we do not have a complete picture of which data has been affected. The most important thing for users is to remain vigilant regarding emails or other digital contact attempts that appear suspicious,” says Jan Nordin.

Canvas remains operational and can be used as usual by the University’s students and staff. According to the provider Instructure, there is no further risk of intrusion.

The data breach has been reported to the Swedish Authority for Privacy Protection, and a police investigation regarding the incident is ongoing.

If you have any questions or need support, please contact IT Support via service.hig.se External link.