Illustrasjonsbilde
Norsk flagg   

Sequrity breach in Canvas

There has been a security incident at Instructure, the provider of Canvas LMS. The situation is being clarified in dialogue with Instructure and Sikt, and updates will be provided on this website as new information becomes available.

See also updates from the service provider (SIKT)

   Latest announcement from UiT:

07.05.2026 13.25:

Instructure, the provider of the Canvas learning platform, has confirmed that a security incident occurred over a few days at the end of April. Instructure has confirmed that UiT is affected by the incident, but the extent of the impact is not yet clear. Both current and former users might be affected.

UiT has implemented a number of preventive measures to ensure that the incident does not affect other parts of our operations. The provider has stated that unauthorized parties have been locked out of the system. Canvas can therefore be used as normal.

The following user information may potentially have been exposed:

  • Names
  • Email addresses
  • Student identification numbers
  • Messages between users

Login to Canvas is done via FEIDE, and passwords are therefore not shared with Canvas. Students and staff do not need to take any action.

   Frequently asked questions / FAQ

1. Do I need to change my password?

No, at UiT we use Feide login, and passwords are not stored in Canvas.

2. Is Canvas safe to use?

Yes, Instructure (the provider of Canvas) has confirmed that the system is safe to use, and the threat actor has been locked out of the system.

3. What does this mean for me?

Your name, student number, UiT email address, and potentially messages you have sent in Canvas may have been exposed. We have no reason to believe any other information is affected by the breach.

4. What do I need to do?

You need to be extra vigilant about the emails you receive. If you receive emails that appear to come from Canvas or UiT, examine them carefully. Do not open attachments or click on links if you are unsure about them. Never provide sensitive information, such as account or credit card numbers, via email.

If you notice suspicious messages, use the "Report suspicious email" feature in Outlook (phishing reporting) or forward the message to sikkerhet@uit.no (preferably as an attachment, including the full email header). Curious about what phishing is? You can find more information here.

5. Can I get more information?

This website will be updated as soon as we receive more information. Depending on the severity and scope of the information we receive, we will decide how to inform students and staff at UiT.


Questions or need assistance? Contact Orakelet

If you notice suspicious messages:

Use the "Report suspicious email" feature in Outlook (phishing reporting), or forward the message to sikkerhet@uit.no (preferably as an attachment, including the full email header).

Questions or need assistance? Contact Orakelet: https://uit.no/orakelet

External links:

FAQ from Canvas provider Instructure