What happened? 

In a hack targeting the Canvas learning platform, data from 44 Dutch educational institutions was stolen and Canvas was taken offline. Worldwide, the data of roughly 275 million users may be involved. The attack has been claimed by the hackers’ collective ShinyHunters, which was also behind this year’s cyberattack on Odido.

Canvas’s provider (Instructure) has confirmed that the UvA has also been affected.  

From 09:00 on Wednesday morning, 13 May, Canvas will be available again to UvA students and staff. 

Can I use Canvas again? 

Yes, since Wednesday morning, 13 May at 9.00 a.m., Canvas has been available again for UvA students and staff. It may take some time before Canvas functions entirely as you are used to. In the meantime, we are of course remaining extra vigilant for suspicious activity and are monitoring the performance and security of Canvas particularly closely, so that we can act quickly if necessary.

What has happened to my data? 

Instructure, the parent company of the education platform Canvas that was hacked, has reached an agreement with hackers from the ShinyHunters group. Instructure says the data that were recently stolen have been deleted. 

Has a report been made to the Dutch Data Protection Authority?

Yes. Due to the security incident involving Canvas, a preliminary notification has been submitted to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). This is required when personal data may have been involved in an incident. Investigations are still ongoing to determine exactly what happened and which data may have been affected. Once this information is known, a final notification will be submitted.

What should I do if there appears to be phishing or fraud?  

Read more about the different forms of fraud or phishing and what action you should take yourself. 

Will I receive my exam results on time?

Because of the hack, lecturers may experience delays in marking exams or assignments. As a result, marking deadlines may not always be met. We appreciate your patience in this matter.  

As a lecturer, how can I continue teaching?

Canvas is now available again and can once more be used for sharing teaching materials, entering grades, and allowing students to submit assignments. If you have made alternative arrangements with students regarding the submission of assignments with an imminent deadline, you may of course continue to honour those arrangements. The Teaching without Canvas page will remain available for the time being.

Who has been affected? 

Students and staff. The scope and which data may have been leaked are not yet clear; we are investigating this.

What data has been leaked? 

Based on the information currently available, this is not yet clear for the UvA. 

What can or should I do myself? 

• It’s important to stay alert to phishing emails. If your email address is part of the data breach, the likelihood of receiving such messages may increase.

How can I prepare for my exam(s)? 

We recommend using Canvas for this wherever possible. If your lecturer has already provided study materials through another method, you may continue to use that.

Do I still need to submit my assignment? 

Lecturers have been asked to be flexible about deadlines where needed. Contact your lecturer to discuss the options. You can find your lecturers’ contact details in the Course Catalogue. 

What should I do if there appears to be phishing or fraud? 

Read more about the different forms of fraud or phishing and what action you should take yourself.

Where can I find the latest news about this incident? 

For more updates on using Canvas, see services.uva.nl. 

Where can I ask questions? 

You can contact the Education Desk of your own degree programme.