Data breach at Canvas developer also affects RNTC

Instructure has reported that there was unauthorized access to part of its systems. Based on their investigation, the following data has been compromised:

• Names of students and staff
• Email addresses
• Messages between users

There is no evidence that passwords, dates of birth, government identifiers, or financial information were involved. Additionally, RNTC's Canvas environment is not connected to any financial or payment systems and is not integrated with any third-party platforms, so no such data was at risk on our end.

In our assessment, the most likely risks from this breach are phishing emails and the use of real names and email addresses to impersonate individuals. We therefore ask you to be extra vigilant about suspicious messages such as unexpected emails, emails requesting personal information, or emails referencing this incident. If in doubt about any message you receive, do not click any links or open attachments. You can read more about how to recognize phishing on the CISA website.

As soon as we confirmed that RNTC was among the affected organizations, we reported the data breach to the Autoriteit Persoonsgegevens (the Dutch Data Protection Authority) within the legally required 72-hour window.

Canvas is fully back online and available for use. Instructure has confirmed that their forensic partners found no evidence that the unauthorized party currently has access to the platform.

We are closely monitoring the situation and will continue to provide updates as soon as more information becomes available. Instructure is keeping their incident update page as the central source for confirmed updates and FAQs.

If you have received a suspicious or unexpected message, or have any questions about this incident, please contact us at: info@rntc.com