The attack took place last weekend at the provider of Canvas, a digital learning platform used by multiple universities and universities of applied sciences worldwide, including TU/e. Students and lecturers use it to share course materials, submit assignments, and communicate with each other.

At this time, it is still unclear whether the attack led to the leakage of data belonging to TU/e students and staff, such as names and email addresses, the university said in a message on the intranet.

Data belonging to TU/e students and staff who use Canvas was indeed stolen in the hack. The Executive Board (CvB) announced this in an email to the TU/e community yesterday evening (intranet). The umbrella organization of Dutch universities, UNL, posted an update online. In total, seven Dutch universities were affected by the data theft.

According to Instructure, the company behind Canvas, the hackers obtained names, email addresses, student numbers, employee numbers, and messages exchanged between Canvas users. It is still unknown whether the company complied with the ransom demand from the hacker collective ShinyHunters, which expired yesterday.

Even so, students and staff can use Canvas safely, according to TU/e. Measures have been taken to guarantee this. Instructure has also found no indications that passwords were stolen. In addition, logging in takes place via multi-factor authentication. “There is therefore no need to replace passwords now,” TU/e said.

The Canvas provider is currently investigating which of the approximately 9,000 educational institutions worldwide using the platform have been affected by the attack. Once more relevant information becomes available, it will be shared via Canvas, according to the university.

Internal consultation

After implementing various security measures over the past few days, the platform can now be used safely again, TU/e reports.

This news article has been updated on 7 May, 11:30.

The article was translated using AI-assisted tools and reviewed by an editor