hkr.se/en / Student Web / Library / Safety and Security / På svenska
Student web
05 May 2026

Data breach affecting the Canvas learning platform

The learning platform Canvas, used by several Swedish universities, has been subject to a data breach. At present, we do not know whether Kristianstad University has been affected, nor can the scope of the incident be confirmed. However, the platform does not normally contain sensitive personal data.

According to current information, the breach may involve names and email addresses of both students and staff. Kristianstad University does not store personal identity numbers in the system.

The security issues are reported to have been resolved, and Canvas owner Instructure is working to assess the extent of the breach. Kristianstad University will report the incident to the Swedish Authority for Privacy Protection (IMY).

– We understand that this may cause concern and we are doing everything we can to establish a clear picture of the situation and take necessary measures. As mentioned, we currently have no information indicating whether Kristianstad University is affected, but we will provide updates as soon as more information becomes available, says Christian Isacsson, Head of IT, Kristianstad University.

What is Kristianstad University doing?

  • The incident will be reported to the Swedish Authority for Privacy Protection (IMY). 
  • Kristianstad University already has well-developed email filtering and applies best practices in email security to detect and block malicious or manipulated content.
  • The IT department is maintaining heightened monitoring of the situation.
  • The IT security officer and Data Protection Officer are continuously monitoring developments.

What can I do to protect myself?

Stay vigilant. As contact details such as names and email addresses may have been exposed, there is an increased risk of phishing and fraud attempts.

  • Be cautious if you are contacted by individuals or companies you have not previously interacted with, or if the contact occurs in an unusual way.
  • Be alert to emails referring to the Canvas data breach, for example attempts to impersonate Canvas, the university, or another involved party in order to make you:
    • open malicious links or attachments
    • log in to fake login pages (where your credentials may be stolen)
    • provide additional potentially sensitive information (e.g. financial details under the pretense of compensation).
  • Be skeptical of messages that appear to come from trusted sources but seem unusually convincing.
  • Be cautious with unexpected phone calls and ask to call back. Hang up and call via a known switchboard number or a number you already trust.
  • Never identify yourself using BankID unless you initiated the contact.

Where can I find more information and advice on how to protect myself?

Information Security at HKR, English | HKR.se

Scam calls | The Swedish Police Authority

Digital security (Swedish Civil Defence and Resilience Agency) 

Updated: 2026-05-05 by Sofia Johansson