Update 19 May, Canvas proven stable and secure
12 May 2026
In recent days, Canvas has proven to be stable and secure. All links related to teaching activities have been restored and are active. We will, of course, continue to actively monitor Canvas and pay close attention to any signs that may indicate irregularities.
Like other universities, the UvA is reporting the hack to the police. In addition, the UvA is working with Universities of the Netherlands (UNL) on a supplementary notification to the Dutch Data Protection Authority (AP); a preliminary notification has already been submitted to the AP.
Canvas will be available again to UvA students and staff on Wednesday 13 May at 09:00.
Based on what we currently know, we believe it is responsible to make Canvas available again. Because delivering education without Canvas creates additional workload for staff and causes stress for students, it is important that we do so as quickly and responsibly as possible.
We can never guarantee that our systems are 100% secure, but supplier Instructure has confirmed that the data obtained during the hack have now been secured. Naturally, we are doing everything we can to ensure a swift and smooth go-live, but it may take a little while before Canvas works exactly as you are used to. In the meantime, we are extra alert to suspicious activities and are closely monitoring Canvas’s performance and security so that we can act quickly if needed.
On Tuesday 12 May, supplier Instructure reported that they have received confirmation from the hackers behind the Canvas attack that the illegally obtained data have been deleted and will not be published. UvA technicians are currently analysing the system’s status to assess whether Canvas can be brought back online in a stable and secure manner. Further information will follow later today.
Due to significant technical uncertainties, Canvas will also remain closed to UvA users on Tuesday 12 May.
We expect to receive an up-to-date report from the software supplier, Instructure, tomorrow. We will have this information reviewed by internal and external experts. Depending on their findings, a decision will be taken on whether Canvas can be reopened in phases from Wednesday, or whether the security risks are still too great.
Matching for prospective students also takes place via Canvas and is therefore not possible at the moment. If you are a prospective student, please don’t worry. As soon as the system is up and running again, you will receive an email and can still proceed.
We hope to post a new update on this page on Tuesday evening, 12 May.
Canvas remains offline. UvA technicians are determining how to restore the system to safe use. On Monday morning, lecturers received an email with advice and a link to a dedicated Teaching and Learning Centre (TLC) page with more information.
We expect to provide a further update by the end of the day on Monday.
Check our FAQ page for general questions.
Unfortunately, Canvas software provider Instructure is still unable to give us sufficient assurances about the system’s security. Canvas will therefore remain offline for UvA students and staff on Saturday and Sunday.
Work on a solution is ongoing. We do not yet know whether this will be in place by Monday. We must therefore take into account that Canvas may still be unavailable after the weekend. Teaching in the week of 11 May will, in principle, proceed as scheduled, even if Canvas is not yet available. In that case, students and staff will experience limitations. A webpage with advice and practical tips will be provided for lecturers.
Having to switch off Canvas requires a great deal of flexibility from both students and lecturers. We thank everyone for that flexibility—and for your patience and understanding. We will of course do everything we can to return to normal as soon as possible.
We will continue to publish general information here.
Read the joint statement (in Dutch) by Universities of the Netherlands.
All universities have disconnected Canvas. The universities are calling on users with an active session to log out of Canvas and not use it until further notice.
Canvas will remain offline on Friday 8 May. There is still too much uncertainty about the security of the system. A new update will follow on Saturday 9 May at 11:00.
Canvas has been taken offline. On Thursday evening, 7 May, the hacker group ShinyHunters posted a message claiming they have regained - or still have - access. As a precaution, Canvas has been taken offline. More information will follow.
Further updates on services.uva.nl
Instructure has now formally notified the universities. The company has also indicated that the hackers no longer have access to the system and that it has implemented additional security measures.
Based on the information currently available from Instructure, basic details of students and staff at the seven universities were leaked. These include names, email addresses and possibly Canvas IDs or student and staff numbers. According to Instructure, no passwords, dates of birth, identity documents, bank details or other special category personal data were leaked.
Dutch universities are taking the incident very seriously. The universities concerned have informed their students and staff and are asking them to be vigilant about possible phishing emails following the data breach. In addition, each university has made a provisional notification to the Dutch Data Protection Authority and is in close contact with each other and with SURF.
Further steps will be taken on the basis of additional information from Instructure. The universities have not been approached by the hackers to pay a ransom for the data.