Data breach in the Canvas learning platform
Canvas was recently the target of a data breach in which data such as names, email addresses and the content of private messages was leaked. It has been confirmed that students and staff using Canvas at Karolinska Institutet have been affected.
Karolinska Institutet uses the learning platform Canvas, a cloud-based service for providing information and facilitating communication about programmes and courses. The platform is used by thousands of educational institutions around the world, and other Swedish higher education institutions that use the service are also affected.
KI takes the situation seriously, and various offices within the university are working together to address it. The learning platform is an essential part of KI’s educational activities; in the short term, there are no alternatives to this service, and it is currently operating as normal.
Karolinska Institutet advises users, as a precautionary measure, to be careful about what they write in private messages.
There is no indication that any passwords have been leaked. We will provide further information as soon as possible.
Global hacker attack
- Instructure, the company behind Canvas, has confirmed that personal data such as names, email addresses, student IDs and the contents of private messages (Canvas inbox) have been exposed.
- As many as 275 million users may have been affected by the breach.
- The ShinyHunters extortion group has claimed responsibility and claims to have obtained 3.65 terabytes of data.