PUBLISHED ONMay 09, 2026 6:25 AMBYBhavya RawatThe recent cyberattack on global learning management platform Canvas has not compromised any sensitive information from students at the National University of Singapore (NUS).
In a statement addressing the matter, a spokesperson for the university told AsiaOne on Saturday (May 9) that it is aware of the data breach.
NUS was among multiple educational institutions affected by the cyberattack on May 7, which blocked access to the platform. Access was restored on May 8. Cyberextortion group ShinyHunters claimed to be behind the incident.
Other local universities in the list of affected institutions include the Singapore University of Social Sciences (SUSS) and the Singapore Institute of Management.
Assuring that data protection and security are its priority, the NUS spokesperson said the university is in touch with US-based company Instructure, which owns Canvas, to assess the impact.
"We understand from Instructure that the data involved comprises names, email addresses and matriculation numbers. No other sensitive personal information including login credentials is compromised," the spokesperson added.
The operational impact of the breach was assessed to be minimal, the spokesperson said, as the current semester has concluded and all exams have ended.
"We have in place backup and business continuity processes to ensure downstream activities such as marking and grading proceed unaffected," the spokesperson added.
The university has also reminded students to be on alert and stay vigilant to any suspicious messages.
They are also urged not to disclose any personal information or login details if contacted by suspicious people on various channels, whether online or digital.
As educational institutes work on precautionary measures, the Cyber Security Agency of Singapore (CSA) said it is monitoring the situation.
"We have reached out to affected organisations to offer assistance and provide advice on mitigation measures," it said.
On Friday, NUS students received an email from the university addressing the "data security incident" involving Canvas, reported The Straits Times.
The email informed them that information which might have been exposed is limited to their names, email addresses and student IDs.
It also assured that login credentials such as passwords have not been compromised, and that all student marks remain secure.
Meanwhile, students at SUSS received a similar email on the same day.
The email — which was seen by AsiaOne — stated that according to Instructure, the incident has been resolved.
"Canvas is fully operational, and there is no ongoing unauthorised activity," it read.
SUSS also stated there is no indication that passwords, NRIC/FIN numbers, dates of birth, or financial information were involved in the breach.
It urged students to remain vigilant against phishing and other online scams, as personal information may sometimes be used to craft more convincing fraudulent messages.
The university also advised students to change their passwords and enable multi-factor authentication as a precaution.
AsiaOne has reached out to SUSS for more information.
[[nid:735450]]
bhavya.rawat@asiaone.com
