CBS learning platform provider affected by data breach
Canvas, which CBS uses through the provider Instructure, has been affected by a cyberattack, which means that students’ and employees’ personal data may have been stolen or accessed by an unauthorised party
CBS has learned that a named hacker group has gained access to and stolen information from the system we use.
Our provider has still not been able to say exactly which data is involved. They have, however, informed us that CBS is affected by the data breach.
Canvas contains information such as names, email addresses, student ID numbers and messages sent between students and between students and lecturers.
The system is still in operation. As a precaution, we recommend that employees and students carefully consider what information they exchange in private messages in Canvas.
For the time being, we advise against exchanging messages containing sensitive or confidential content as a precaution.
We also encourage heightened vigilance in relation to phishing and smishing attacks (email and text message, respectively).
CBS is in dialogue with our provider to clarify the scope of the incident and how it unfolded. At this stage, CBS does not have a full overview of how this could happen or what measures the provider has put in place to limit the incident or any future incidents.
CBS expects to receive updated information from our provider on an ongoing basis.
CBS is also in close dialogue with the University of Copenhagen, which also uses Canvas. The platform is used by several thousand educational institutions around the world.
Today, CBS reported the suspected data breach to the Danish Data Protection Agency.