The security incident in Canvas

Here you will find questions and answers about the cybersecurity incidentaffecting the Canvas learning platform.

What do we know at this stage?

Update 6 May 17:15

The Swedish Defence University has now received confirmation that the university is one of 31 Swedish higher education institutions affected by the cybersecurity incident involving the Canvas learning management system.

However, the scope of the incident is still unclear, and at present we have no information about how the threat actor gained access to the Swedish Defence University’s Canvas installation or what information they may have accessed.

The provider of Canvas, Instructure, has confirmed that it has been affected by a cybersecurity incident. It is likely that certain user information may have been leaked from the system, such as names, email addresses, student IDs and messages.

The full extent of the incident remains unclear, but the Swedish Defence University urges all Canvas users to change their passwords and remain particularly vigilant against phishing attempts. Employees and students who log in using a Swedish Defence University account (XXX@fhs.se, stuXXX@student.fhs.se, or extXXX@visitingfellow.fhs.se) and access the system via single sign-on (SSO) do not need to change their passwords.

What measures has the Swedish Defence University taken?

An email was sent to all Canvas users on 5 May advising them to change their passwords. Information about the incident has also been communicated directly through Canvas.

We have conducted a technical and information security analysis and implemented measures to protect personal data. We have also reviewed the integrations between Canvas and other IT systems. So far, the investigation has found no indication that the incident has spread to other systems through our integration solutions, but the analysis is still ongoing.

The Swedish Defence University is monitoring developments and will adjust its measures if necessary.

Is it safe to use Canvas?

Instructure, the provider of Canvas, states that it has implemented enhanced security measures and that Canvas is operating as normal. We recommend that all users change their Canvas passwords. Employees and students who access Canvas via single sign-on (SSO) do not need to change their passwords.

How do I change my password in Canvas?

The video guide demonstrates how to change your password in Canvas Catalog.
Link to the video guide

Follow the link to change your password: https://fhsedu.instructure.com and click on Other users.

For users who have forgotten their password:

• Select Forgot password when logging in
• Enter your email address and click Request Password
• Click the reset link sent to your email from notifications@instructure.com and follow the instructions to change your password

Please note that it may take some time for the reset email to arrive and that it may occasionally end up in your spam folder.

For users who know their password:

• Log in to Canvas
• Click Account in the left-hand menu
• Select Settings
• Click Edit Settings
• Change your password
• Save

How can I protect myself against phishing?

Phishing is a common method used to obtain passwords or banking and card details. Attackers send mass emails to large numbers of recipients in the hope that some will respond. The email may appear to come from a bank or another well-known organisation.

Checklist for protecting yourself against phishing and malware:

• Examine the email carefully so that you can see the sender’s full email address before opening any attachment or clicking on a link. Is the message expected? Does the sender usually write in this way?
• Be cautious and do not click on anything if the message asks you to provide card details, account information or passwords, download attachments or software, or act urgently.
• If you become suspicious, verify the sender through channels other than those provided in the message, or refrain from opening or clicking anything.
• If you are employed by the Swedish Defence University, or if the Swedish Defence University appears as the sender, suspicious emails should be forwarded to abuse@fhs.se.

Where can I find more information about the incident?

• SUNET (the Swedish University Computer Network), which provides Canvas to Swedish higher education institutions, is publishing information about the incident on its website: News - Sunetwiki

• Further information about digital security is available, for example, on the website of the Swedish Civil Contingencies Agency

• If you have questions regarding your Canvas account at the Swedish Defence University, please contact lms@fhs.se

• Suspicious emails should be sent to abuse@fhs.se