The learning management system Canvas was recently affected by a security incident in which personal data is reported to have been exposed. Karlstad University takes this situation seriously and is closely monitoring developments in dialogue with the provider and relevant parties.
Update May 12, 13:30
We have received information that the provider of Canvas, Instructure, has reached an agreement with the threat actor responsible for the attack. According to the provider, measures have been taken to limit the spread of the exposed data.
At the same time, Karlstad University continues to manage the incident from a precautionary perspective. It is not possible to determine with certainty how information that has been in the hands of the threat actor has been handled or may be handled in the future. The university’s incident management and security efforts therefore continue on an ongoing basis.
Update 11 May, 12:29
The provider has now confirmed that Karlstad University is one of the organizations affected by the incident. The university has worked on the assumption of this scenario from the beginning and, among other measures, reported the personal data breach to the Swedish Authority for Privacy Protection (IMY) at an early stage.
Update 8 May, 14:44:
Canvas remains available for both students and staff. The university continues to monitor the situation together with the provider and other relevant parties.
As a general precaution following the incident, users are advised to remain extra vigilant regarding potential phishing attempts, for example in email inboxes. Be cautious with unexpected information, emails, or files, and do not click on unknown links.
Original text from 5 May:
At present, there is no confirmed information indicating that Karlstad University or our users have been affected (please note the new info in the update 11 May). At the same time, it is assessed that there is a risk that certain personal data, such as names and email addresses, may have been exposed. The university has activated its incident management procedures, which include informing affected individuals and, if necessary, reporting to relevant authorities.
We will provide updates as soon as more verified information becomes available.
Press and media
Media inquiries should be directed to IT Director Mats Möller.
