University of Gothenburg
  2. News and events
  3. Regarding the incident in the Canvas learning platform

Regarding the incident in the Canvas learning platform

The supplier of the Canvas learning platform was subjected to two cyberattacks on 29 April and 7 May. On this page, you will find a summary of the incidents.

What has happened 

On 29 April, the supplier of the Canvas learning platform discovered that it had been subjected to a cyberattack in which personal data is likely to have been compromised. In total, 9,000 higher education institutions worldwide may have been affected by this attack, and personal data relating to 275 million users is suspected to have been leaked. 

Following this initial incident, Canvas continued to function as normal.

On 7 May, Canvas was hit by a further cyberattack. This was detected quickly and the supplier shut down the learning platform. No further data was leaked in this attack. 

Who is affected by the incident? 

We do not yet know exactly who has been affected by the personal data breach. However, anyone who has or has had an account on Canvas via the University of Gothenburg may be affected, i.e. current students, former students, current staff and former staff. 

What data is affected?  

The personal data that the supplier states may have been affected is: 

  • Name
  • Email addresses of students and staff at the university. This primarily concerns your GU email address, but if you have chosen to link your GU email address to a private email account, this account may also be affected.
  • Student ID number. This may mean that data in the field containing personal identification numbers is affected. However, we have not yet received confirmation of this from the supplier.
  • Personal messages between users on the Canvas platform.
  • Profile settings, such as language preferences and chosen pronouns (if the user has set these).
  • Certain metadata relating to the user account.
  • The URL of the profile picture in Canvas (if a profile picture has been uploaded).

At present, we do not know which of these data may have been leaked or to what extent The supplier is continuing to investigate the incident.

The initial information from the supplier included course registrations in Canvas in the list of data likely to have been affected. The latest information from the supplier does not include registrations.

The supplier states that no passwords have been affected. 

Measures taken by the supplier and the university  

The  supplier  has implemented security enhancements to restore the security of the platform and thereby address the underlying vulnerability. The  supplier has also engaged external experts to investigate the incident and has notified law enforcement agencies.  

The supplier is actively working to determine the extent of the incident and has taken steps to minimise the risk of data being compromised. The supplier is providing regular updates.

The supplier’s information (Instructure.com)

The Swedish Research Council, which coordinates the Canvas learning platform for Swedish higher education institutions via  Sunet, has reported the incident to the police.  

Measures taken by the University of Gothenburg:  

  • We have reported the incident to the Swedish Authority for Privacy Protection  (IMY) and to the Swedish Civil Defence and Recilience Agency (MCF)
  • Following the incident, we published general information in the Staff Portal, the Student Portal and in Canvas.
  • We are continuously  monitoring  the threat landscape and adjusting our technical security  measures  as necessary.  
  • We are implementing enhanced technical measures on the learning platform. 
  •  Increased readiness to deal with enquiries  regarding  the incident. 
  • We are continuing to monitor the situation and are in regular contact with the Swedish Research Council/Sunet, the supplier and other higher education institutions. 

Steps you can take yourself 

We urge everyone to be extra vigilant against phishing attempts. Look out for grammatical errors, inaccuracies regarding, for example, titles, contact details, the tone of the message or the content itself, as well as requests to disclose your login details via email. 

Do not click on links or open attachments unless you are certain that the content is legitimate. If you are in any doubt, please verify with the sender via an alternative channel. 

Contact regarding questions about the incident 

Contact Servicecenter via servicecenter@gu.se

Last modified