Canvas cybersecurity incident – please be extra vigilant
The provider of our Canvas virtual learning environment has informed the University of Birmingham about a global cybersecurity incident on the platform. Many universities worldwide are similarly impacted.
What we know is that data associated with the University has been accessed, including names, email addresses, student ID numbers, and messages exchanged in Canvas.
The vendor, Instructure, has stated that there is currently no evidence that passwords, dates of birth, government identifiers, or financial information were involved.
Instructure has confirmed that the nature of the incident means that Canvas can continue to operate as normal, and you should continue using it.
There is no requirement to reset passwords, however, as a precautionary measure only, it is recommended that you do this. Visit the IT Knowledge Base article for information on how to change your password.
This issue is unrelated to the assignment submission issue in Canvas that affected some users earlier this week.
What you can do to be extra vigilant
After any widely reported security incident, there is an increased risk of phishing attempts. Phishing is when people attempt to deceive you into parting with financial or sensitive personal information, often pretending to be a person or organisation that you trust. Fraudsters may do this through phone calls, emails, texts, WhatsApp, or social media. Therefore, please be extra alert for:
If you receive any suspicious emails, report them using the “Report Email” button in Outlook. It is in the header bar of your UoB emails. If you’re using the MyUoB app to view your emails, you’ll need to use the ‘Open in Outlook’ button first to be able to see the Report Email button in your email.
IT Services are working with colleagues University-wide to respond to the situation. We will keep you updated as information becomes available. If you have any questions, please contact the IT ServiceDesk, you can also call on +44 (0)121 414 7171.