Mount Royal University has confirmed that hackers stole sensitive data during a cyberattack in June. The attackers also deleted files from university storage systems. The incident disrupted several campus services and triggered a large recovery effort.
The Mount Royal University breach affected file storage used by students and employees. Investigators are still working to determine exactly what information was exposed.
Cyberattack Disrupted University Systems
Mount Royal University (MRU), a public university in Calgary, says attackers breached its network on June 17.
The attack disrupted several services across campus. These included:
- Online services
- Internet access
- Internal university systems
The university quickly launched an investigation. It also brought in external cybersecurity experts to help restore affected systems.
Hackers Stole Data From the H Drive
Investigators confirmed that attackers accessed the university’s H drive. Students and employees use this shared drive to store files.
The attackers copied data before deleting the original files. Investigators believe the deletion was intended to slow recovery efforts.
According to MRU, the affected folders contained information relating to:
- Current students
- Former students
- Current employees
- Former employees
- Other individuals connected to the university
The university says the attackers deleted much of the affected data. As a result, investigators need more time to determine exactly what information each person lost.
Departmental Files Were Also Deleted
The attackers also erased data stored on the university’s J drive.
The J drive contained departmental files rather than personal storage.
So far, investigators have found no evidence that attackers copied data from the J drive before deleting it.
Recovery efforts continue. However, the university warns that it may not recover every deleted file.
University Continues Its Investigation
The Mount Royal University breach has been reported to the Alberta Information and Privacy Commissioner and to law enforcement.
Investigators continue reviewing the stolen files.
The university says it will notify affected individuals directly once it confirms whose information was exposed.
Because attackers deleted part of the storage environment, the review process remains slow and complex.
CMD Organization Claims Responsibility
The ransomware group CMD Organization has claimed responsibility for the attack.
The group published samples of what it says are stolen university documents. The files reportedly include passport scans and other sensitive records.
According to reports, the attackers demanded 30 Bitcoin, worth about $1.9 million. They also gave the university six days to pay before threatening to publish the remaining data.
CMD Organization reportedly operates both clear web and dark web leak sites. It uses them to advertise stolen data and sell exclusive access to the highest bidder.
The group currently lists dozens of organizations on its extortion portal.
Recovery May Take Several Months
Mount Royal University says restoring affected systems could take weeks or even months.
The university plans to provide additional updates as the investigation continues.
MRU is also offering two years of credit monitoring and identity theft protection to all current employees and anyone employed by the university during the past five years.
The Mount Royal University breach shows how ransomware attacks continue to threaten universities. These institutions store large amounts of sensitive personal information, making them attractive targets for cybercriminals.


0 responses to “Mount Royal University Breach Confirmed After Hackers Claim Attack”