Cyberattack in Canvas – this is what we know

Published

5 May 2026

The supplier of the Canvas learning platform has been the target of a cyberattack in which personal data is believed to have been leaked. We do not yet know to what extent the university has been affected, but we urge everyone to be extra vigilant against phishing attempts.

Update 2026-05-08, 12:25:

All new information about the cyberattack in Canvas will be gathered on the tool page for Canvas: Canvas learning management system

Update 8 May 2026:

There has been a new cyberattack on Canvas, and the learning platform remains closed to logins until further notice to minimise the risk of the breach spreading.

Please keep an eye on your student email in Microsoft Outlook, as this is currently the only way we can contact you directly.

If you need to contact a teacher but do not have the email address, please contact your department for further information.

Update 6 May 2026:

We have received confirmation from the supplier that the University of Gothenburg is on the list of higher education institutions from which the hacker group claims to have obtained data.

The personal data that the provider has confirmed may have been affected by the attack includes names, email addresses of students and staff at the university, student ID numbers, and messages between users. At present, we do not know which of these data have been leaked or to what extent.

This is what we know

What we know at present is that a large number of higher education institutions have been affected by the attack. We do not yet know to what extent the University of Gothenburg has been affected.

The personal data that the supplier states has been affected includes names, email addresses of students and university staff, student ID numbers, and messages exchanged between users.

The University of Gothenburg has reported the incident to the Swedish Authority for Privacy Protection (IMY).

Be aware of phishing attempts

As a precaution, we would like to urge everyone to be on the lookout for suspicious emails that may be attempts at phishing.

Be on your guard for unexpected content or linguistic errors (spelling mistakes or strange sentence structure).
Do not click on links or open attachments unless you are certain the content is legitimate. If you are in any doubt, please check with the sender via another channel of communication.
Never disclose your login details via email or in links or files you have opened via email.

If you receive a suspicious message in your student email, you can forward it to the following email address: incident.response@gu.se

If you have linked your student email to a private email address, please also be on the lookout for suspicious emails in this mailbox.

You can find more information about phishing here: Digital security

Further information

The Canvas supplier has implemented security measures and Canvas is operating as normal. The university is continuously monitoring the threat landscape and adjusting our technical security measures as necessary. We are in regular contact with the supplier to obtain the latest information.

Contact for questions

If you have any questions about the incident, please contact Servicecenter via servicecenter@gu.se.

Please forward any suspicious emails to incident.response@gu.se.