1. uit.no
  2. news
  3. short news
  4. Security breach in Canvas

Security breach in Canvas

The provider of the learning management system Canvas reports that it has experienced a security breach. UiT has secured its systems, and Canvas can be used as normal.
logo canvas
Canvas is developed by the American company Instructure. Foto: Instructure
Hopp til artikkelens forfatter(e)
Portrettbilde av Rydland, Kjetil
Rydland, Kjetil kjetil.rydland@uit.no Kommunikasjonsrådgjevar / faggruppeleiar
Publisert: 07.05.26 13:27 Oppdatert: 07.05.26 13:35
About UiT

There has been a security incident at Instructure, which provides the Canvas learning platform. The security vulnerability has been closed, and UiT is working to establish a full clarification in dialogue with Sikt, which delivers the system to the higher education sector in Norway.

UiT has implemented a number of preventive measures to ensure that the incident does not affect other parts of our operations. The supplier states that unauthorised parties have been shut out of the system.

Canvas can therefore be used as normal.

No action is required

Instructure has confirmed that UiT is affected by the incident, but the scope is unknown. Both current and former users may be affected.

The following user information may potentially have been compromised:

  • Name
  • Email addresses
  • Student identification numbers
  • Messages between users

Login to Canvas takes place via FEIDE, and passwords are therefore not shared with Canvas. Students and staff do not need to take any action.

Nevertheless, we ask everyone to be especially alert to phishing attempts and unusual emails or messages requesting information or login details. Do not share passwords or one-time codes (MFA/two-factor authentication) with anyone.

If you discover suspicious messages, use “Report suspicious email” in Outlook (phishing reporting), or forward the message to sikkerhet@uit.no (preferably as an attachment, including the full email header). Unsure what phishing is? More information can be found here.

Questions or need help?

Contact Orakelet.

The data breach may affect over 9,000 educational institutions and more than 250 million users worldwide. The supplier states that the incident took place over a few days towards the end of April. UiT has notified the Norwegian Data Protection Authority about the incident.

Follow updates at https://en.uit.no/sikkerhet/canvas for more information and developments. See also updates from the service provider SIKT (Norwegian only).

Kortnytt fra
Rydland, Kjetil kjetil.rydland@uit.no Kommunikasjonsrådgjevar / faggruppeleiar
Latest news from UiT
Samis sitter around in a circle drinking coffee and smoking a pipe. A very old black and white photo.
Why is it important to use Sami place names?
Illustration of chatbots like Gemini, Claude, Copilot, DeepSeek and ChatGPT
What affects chatbots' ability to solve logical problems?
Three happy men with a diploma on a stage
Støre Presents the Mohn Prize to Canadian Researcher
Flere personer sitter på en scene.
“Norway lacks a clear vision”