Current information
May 8, 2026
Update at 12:00: Read the news about what we know so far.
Update at 10:30: Canvas has been shut down as a security measure to prevent any further external interference. It will remain closed at least until 13:00 on Monday 11 May. If you have any questions regarding instruction, examinations, and assessment, please contact the teacher who is responsible for the course.
Questions and answers
Here you will find questions and answers about the cyber security incident on the Canvas learning platform.
What has happened?
The company Instructure, which provides the Canvas learning platform, has been affected by a cyber security incident. Umeå University has been informed that we are one of more than 40 Swedish higher education institutions impacted. The scope of the incident is still unclear.
Umeå University urges all Canvas users to remain especially vigilant regarding potential phishing attempts.
What measures has Umeå University taken?
Umeå University has decided to shut down Canvas, initially until Monday 11 May at 13:00, while awaiting further information from the provider of Canvas.
Our incident response procedures have already been activated. We are closely monitoring developments and taking the necessary actions to ensure that teaching can continue in a secure manner.
Does Canvas need to remain closed until Monday?
At present, we are doing everything we can to minimise security risks. For this reason, we need to await more detailed information from the provider of Canvas so that we have the correct basis for deciding when it is safe to reopen the system.
Can I use or access anything on Canvas?
No, you cannot access anything on Canvas at this time. Canvas has been taken offline as an extra security measure, initially until 13:00 on Monday 11 May.
Will teaching, assignments or examinations in Canvas be affected?
Yes, since Canvas is unavailable, your teaching may be affected. The consequences and measures taken will vary between courses. Please contact your teacher who is responsible for the course for more information on how to handle your specific Canvas-related tasks.
Has any of my data on Canvas been compromised?
We have not received confirmation that any personal data has been compromised, but we always urge caution regarding various phishing attempts.
If Umeå University receives confirmation that personal data has been compromised, we will notify you through the appropriate communication channels.
Which of my data might have been compromised?
Canvas contains contact information such as names, email addresses, and personal identitication numbers for students and staff at the University. It also contains study-related data, such as quizzes, assignments, and communications between teachers and students. At this time, it is unclear which data the attacker may have accessed and whether any of it has been disclosed to third parties.
Do I need to change the password for my UMU account?
No, not because of the breach in Canvas. However, if you are unsure whether you may have shared your password in any other context, we recommend that you change it.
You can change the password for your UMU ID on the My Settings page.
What should I do if I have clicked on a suspicious link or disclosed my password?
We are not aware of any suspicious links within Canvas, and students at Umeå University do not have passwords stored in Canvas. Authentication is carried out using your username (UMU ID) and password via the University’s central login service.
The general advice, if you are uncertain whether your password may have been compromised, you should always change it. If you want to change the password for your UMU ID, you can do so on the My Settings page.
How can I protect myself against phishing?
Phishing is a common method used to obtain passwords or banking and card details. Attackers send mass emails to a large number of recipients in the hope that some will respond. The email may appear to come from a bank or another well-known organisation.
Checklist to protect yourself against phishing and malicious software:
- Examine the email carefully and make sure you can see the full sender email address before opening an attachment or clicking on a link. Is the message expected? Does the sender normally write in this way?
- Be cautious and do not click if the message urges you to, for example, disclose card or bank account numbers or passwords, download attachments or software, or act urgently.
- If you are suspicious, verify the sender through channels other than those stated in the message, or refrain from opening or clicking.
- If Umeå University appears to be the sender, please forward suspicious emails to abuse@umu.se.