Suspected data breach in Canvas
There has been a cybersecurity incident and a probable data breach on the Canvas learning platform. KTH has stepped up monitoring of the system and has implemented technical security measures.
KTH is one of many higher education institutions that have been affected in Sweden and internationally. The information that may have been exposed includes user data such as name, email address, student ID, and messages exchanged between users in Canvas. This means that phishing emails in the near future may be more sophisticated, for example, containing familiar names and relevant information mixed with manipulated content.
Currently, there is no information indicating that passwords have been compromised. If you are a student you may, as a precaution, choose to change your password. Remember to use strong and unique passwords.
Information on KTH account and how to change your password
The incident has been reported
KTH has received information about the cybersecurity incident from Sunet (Swedish University Computer Network) and Canvas’s provider, Instructure. An investigation is ongoing at Instructure, together with external security experts. KTH is closely monitoring the situation and maintains ongoing dialogue with Sunet and Instructure.
KTH has reported a suspected personal data incident to the Swedish Authority for Privacy Protection (IMY). The incident has also been reported to the Swedish Civil Defence and Resilience Agency (MCF). KTH is also conducting our own assessment of the incident in accordance with applicable regulations.
The information is updated continuously.