Current status of the Canvas data breach

Canvas will be available to students again from 3 pm on Wednesday 13 May. A thorough risk assessment has been carried out. Since yesterday, the platform has been used on a limited basis by lecturers and has been closely monitored. No issues have been identified. Based on the current information, there are no indications that student documents have been affected. This confirms the view that access was limited to user data such as student numbers or email addresses, as previously communicated. 

Students have been informed by email about the availability of Canvas.

Now that the use of Canvas has resumed, daily updates will no longer be posted on this page.

The University of Twente will start a phased reopening of Canvas today at 5.00 pm. This decision was taken this afternoon by the UT’s Central Crisis Team (CCT). As part of this decision, UT lecturers will regain access to Canvas. UT students do not yet have access to the environment at this time.

Why is the UT choosing a phased reopening?

The UT has made a careful and proportionate assessment, balancing security, continuity of education and the impact of the prolonged unavailability of Canvas on students and staff. Technical and organisational measures have been taken, including enhanced monitoring and assessments of connections with other systems.

Why are lecturers given access first?

Lecturers are being given access first so they can retrieve teaching materials from Canvas and prepare for possible alternative scenarios should new security issues arise around Canvas. In addition, this limited group allows the UT to closely and carefully monitor the environment. This includes monitoring unusual behaviour in our systems and signals reported by lecturers.

UT lecturers will receive instructions today regarding the use of Canvas. In addition, an FAQ for lecturers is available on the UT’s internal service portal.

When will students regain access?

Tomorrow (Wednesday 13 May), a decision will be made about a possible next phase in which students may also regain access to Canvas. More information will follow once there is further clarity.

Despite this latest development, it remains uncertain whether any leaked data could still be distributed further. We therefore ask students and staff to remain alert to phishing emails.

The University of Twente has taken note of reports from Instructure stating that an agreement has been reached with the hacker group involved in the security incident affecting Canvas. This new information is currently being included in the further assessment of the situation.

The UT is currently investigating whether an earlier and controlled reopening of Canvas is possible. This assessment includes the technical security of the system, remaining risks and the possibility of scaling down access quickly if new threats emerge. A further update will follow later this afternoon.

Why are some universities already back online?

Each university is making its own assessment. This depends in part on differences in technical infrastructure, connections with other systems and the way Canvas is used within each institution.

The agreement reached between Instructure and the hacker group does not currently change the technical security assessment of Canvas for the UT. Therefore, the University of Twente continues to carry out a careful risk analysis before making a decision about reopening Canvas.

Ensuring the continuation of education and examinations remains the highest priority.

Canvas has been unavailable to students and staff of the University of Twente as a precautionary measure since 8 May. This decision was taken for security reasons. In consultation with other Dutch universities, it appears that most institutions are following the same approach. The UT will make a decision by the end of this week on whether Canvas can be made available again from Monday onwards.

Ensuring the continuation of education and examinations is our highest priority. In many cases, lecturers and students have found alternative ways to continue their activities. We realise this requires additional time and effort from everyone involved. Naturally, we want to return to the regular situation as soon as possible. However, we remain dependent on the supplier and the assurances they provide.

Assessment of additional information

The University of Twente is currently awaiting relevant information from Instructure, the parent company of Canvas, regarding the security incident and the restoration of security measures at Instructure. We expect to receive this information during the course of this week.

As soon as this information becomes available, it will be assessed directly by our own specialists and independently reviewed by external experts. This assessment includes both the technical security of the environment and the legal aspects of the situation.

Decision-making

Based on these assessments, a decision will be made on whether and how Canvas can be made available again. Until then, the environment must unfortunately remain unavailable.

Phased reopening

When restoring access to Canvas, we are explicitly considering a phased approach. This would involve initially granting access to a limited and monitored group of users, such as lecturers who require materials from Canvas for educational purposes. For each subsequent phase, it must be clear which users will receive access, under what conditions, and what information they require.

Impact

We realise that this situation continues to affect education and the daily work of students and staff, and we are doing everything we can to provide clarity as quickly as possible.

As previously announced, a new update will be published daily by 4.00 pm, or earlier if developments require it.

Due to ongoing security measures, Canvas will remain unavailable for UT students and staff at least until Wednesday (13 May). Further steps are currently being prepared to safely restore the environment. We will provide more information as soon as possible.

For questions, the LISA Service Desk remains the first point of contact.

Seven Dutch research universities are being affected by the hack of Canvas. They are collaborating to learn more about the consequences and how to proceed. Learn more about their joint efforts on the website of Universities of the Netherlands, the umbrella organisation of Dutch research universities (in Dutch).

The University of Twente asks students to closely monitor their UT email, as many study programmes are now using email as the primary communication channel between lecturers and students.

• Mail sent to all UT students
• Mail sent to all UT staff 

At the University of Twente, the Canvas learning platform is currently unavailable for UT users. This is a precautionary measure following the security incident involving Canvas provider Instructure, about which previous communication has been shared. UT education will continue as normal today (08-05-26, unless communicated otherwise).

At present, we are carefully investigating the situation together with other Dutch educational institutions and external specialists. To safeguard the security of systems and data, it has been decided to temporarily disable access to Canvas.

We understand that this may impact education, work and communication, and that it may raise questions or concerns. Work is currently underway to safely restore the service as soon as possible.

The joint statement from the affected universities in the Netherlands regarding the Canvas hack can be found here.

The University of Twente has taken note of reports published regarding a data breach at Instructure, the provider of the Canvas learning platform. This concerns a security incident in which user data may have been compromised worldwide. Instructure has confirmed that UT has also been affected. We understand that this may raise questions. In this message, you will find an update based on the information currently available.