Information about a cybersecurity incident related to Canvas

8 May 2026

SLU’s vice-chancellor has decided to temporarily shut down the Canvas learning platform as a security measure. This decision was made following the attack on Canvas.

The shutdown will remain in place until Monday, 11 May at 12.00. After that, a new decision will be made. University support services are working intensively to manage the incident and keep operations running.

Read more and FAQ. 

7 May 2026

On 30 April, Instructure, the provider of the Canvas learning platform, discovered that it had been affected by a cybersecurity incident. Instructure informed SLU during the night of 1–2 May, but at that time ot could not confirm whether any SLU-related personal data had been affected. On the evening of 6 May, Instructure confirmed that personal data relating to both current and former SLU students, employees and course participants has been affected by the incident. This means personal data has been leaked to the attacker.

Instructure’s investigation is still ongoing, but so far it indicates that information such as names, email addresses, student ID numbers and messages between users may have been leaked. We do not yet know for certain whether everyone with a Canvas account at SLU is affected. For those who are affected, this means that their personal data has been disclosed to the attacker and may be shared further. SLU therefore recommends that all students, employees and course participants (both current and former) remain alert to suspicious emails or login requests and do not share their login details.

SLU has reported the personal data incident to the Swedish Authority for Privacy Protection (IMY) and will supplement the report as soon as the investigation is complete. A number of technical security measures have already been implemented, and further measures are being considered. SLU’s own incident response team continues to monitor developments, and updates will be provided on an ongoing basis as information is confirmed.

If you have questions about the incident, please contact canvas@slu.se.

SLU’s data protection officer can be reached at dataskydd@slu.se.

6 May 2026

No new information available.

5 May 2026

According to the provider Instructure, the breach was discovered on Friday, and the attackers may have accessed names, messages, and email addresses.

SLU has no confirmed information that the university has been affected by the attack.

SLU is monitoring the situation closely and is receiving ongoing updates from the provider. An internal incident group has been assembled and is actively working on the matter.

As a precautionary measure, we recommend that you:
• remain vigilant for suspicious emails or login requests
• do not share your login credentials

We will provide continuous updates via SLU’s websites.