Further to the Canvas status update we shared on Monday 4 May regarding a cyber security incident, we have now been informed by Instructure, the supplier of Canvas, that data associated with the University of Manchester has been accessed as part of this incident. 

The data involved may include names, email addresses and user identification numbers of some Canvas users. Based on the information provided to date, this is not believed to include sensitive personal data such as dates of birth, financial information or passwords. 

The incident has been reported to the Information Commissioner’s Office (ICO), and our Cyber Security Incident Response Team is continuing to liaise with Instructure and relevant parties to understand the full details and scope. 

Instructure has confirmed that the incident is contained at their level and the system is operating under enhanced security monitoring. Canvas remains available for all study and business activity, and there is no requirement for users to reset their passwords at this time. 

This incident is unrelated to the assignment submission issue in Canvas that affected some users yesterday. 

We will continue to update our community as more information becomes available.