It is now clear what data was affected by the cyberattack – less than feared
NEWS
It is now clear which data were accessed by the attackers in connection with the cyberattack on Canvas. At Umeå University, neither personal identity numbers nor UmU IDs were affected. The impact varies between universities.
In early May, the learning platform Canvas was subjected to a cyberattack, which led, among other things, to the system being taken offline for several days. At the time, there were concerns that data relating to students and staff had been leaked outside the system. On 12 May, it was reported that an agreement had been reached between the attackers and Instructure, the provider of Canvas. As a result, the data accessed by the attackers were returned, and Canvas once again became safe to use as normal.
Canvas contains, among other things, contact details, personal identity numbers, study-related information and communication between teachers and students.
Until now, it has been unclear which data the attackers accessed. However, based on new information from the provider, it can now be established that, for Umeå University, the data included:
Names.
Short names/aliases chosen by users.
Messages within Canvas, including both subject lines and content.
Email addresses belonging to individuals who have sent messages to someone within Canvas.
Metadata such as time zone and selected language for the user, as well as internal system metadata, for example when a particular record was updated in the system.
The attackers did not access personal identity numbers, UmU IDs, or large volumes of other personal data relating to students and staff at Umeå University.
Always remain vigilant
The extent of data affected varies between higher education institutions. Umeå University is considered to have been relatively lightly impacted. At some other universities, the attackers accessed significantly larger amounts of data.
“Although this cyberattack is assessed to have had limited impact on Umeå University, it is of course very serious that this type of attack occurs. Unfortunately, such incidents are becoming increasingly common, and we all need to work together to remain vigilant and cautious in order to create safe and secure digital environments,” says Per Ragnarsson, Assistant University Director at Umeå University.
If you suspect any intrusion or malware in your IT environment, it is important to act without delay.
