The Canvas learning platform has been subject to a cybersecurity incident

This text will be updated continuously.

Updated 12 May at 8:30 a.m.

• The Canvas provider, Instructure, has announced that it has reached an agreement with the actor behind the cybersecurity incident. As a result, it is considered unlikely that any information will be leaked further, and the risk of material being disseminated has been significantly reduced.
• The University assesses that Canvas will not need to be shut down again going forward, provided that no unforeseen events occur. Operations will therefore continue as normal.
• The University is now returning to normal operations. At the same time, we will continue to monitor the situation closely and remain in ongoing dialogue with both the provider and other Swedish higher education institutions.

Updated 11 May at 3:45 p.m.

Be alert to fraud attempts

According to the provider, the information affected by the incident includes usernames, email addresses, course names, registration information, and messages.

The University therefore recommends being extra vigilant regarding suspicious emails, text messages, or phone calls, and avoiding clicking on links in suspicious messages.

If your contact details have been leaked, you may be exposed to phishing attempts.

Be particularly cautious of:

• Messages urging you to click on a link
• Requests to log in or provide personal information
• Unexpected emails or text messages, even if they appear to come from friends, colleagues, or trusted senders

Never disclose passwords or one-time verification codes.

If you suspect that you have been targeted by a fraud attempt or if you have any questions, please contact: support@du.se

Updated 11 May at 9:00 a.m.

• Canvas will reopen today, Monday, at 11:00 a.m.
• Dalarna University will continue its work on follow-up measures, security improvements, and continuity planning in order to strengthen the handling of similar incidents in the future.

Information from the Canvas provider

Canvas is a learning management system provided by the company Instructure and used by several universities and higher education institutions internationally.

• The provider states that Canvas is now fully operational and remains safe to use.
• Together with cybersecurity experts, the Canvas provider has continued to analyse the sequence of events and implement additional security measures within the system.
• The second incident, which took place on the evening of Thursday 7–8 May, affected seven Swedish higher education institutions, but not Dalarna University. During the incident, the Canvas homepage was replaced, but according to the provider, no new information was leaked.
• The information affected by the first incident on 2 May involved the criminal threat actor gaining access to data such as usernames, email addresses, course names, registration information, and messages. Core data within the learning platform, such as course content, submissions, and login credentials, was not affected.

Updated: 8 May at 3:20 pm

• Canvas will be temporarily closed from Friday, 8 May at 16:00 until Monday at 11:00 as a security measure.
• The plan is to reopen Canvas on Monday at 11:00.
• This measure is being taken to reduce the risk of impact on systems and information.
• Our ambition is to minimize the impact on students and teaching activities. If you are a student with assignments due during this period, your teacher will contact you as soon as possible.

Updated: 8 May at 9:35 am

• The threat actor has announced that they are currently carrying out new attacks against Canvas. Several Swedish higher education institutions are affected.
• At present, Dalarna University’s learning platform and teaching activities are not affected.
• We are implementing security measures and are closely monitoring developments in consultation with the supplier and other Swedish higher education institutions.

Updated: 6 May at 1:40 pm

• Dalarna University has received confirmation from the supplier that we are among those affected. At present, it is unclear what information may have been leaked.
• Dalarna University is taking appropriate measures and remains in close contact with the supplier.

5 May at 9:30 am

What has happened?

• On 2 May, the supplier of the University’s learning platform, Canvas, informed us that they had been subject to a cybersecurity incident carried out by a criminal threat actor.
• The supplier is actively investigating the incident with the support of external forensic experts.
• The University is monitoring the situation.

How are students and staff affected?

• Canvas is operating as normal.
• We will inform if any personal data has been compromised.