Mount Royal University confirms network breach after attackers claim data theft

Mount Royal University in Calgary has confirmed that it suffered a cyberattack in June that led to unauthorized access to some data and disruption across several campus systems.In a notice posted on i...

Mount Royal University in Calgary has confirmed that it suffered a cyberattack in June that led to unauthorized access to some data and disruption across several campus systems.

In a notice posted on its website, the university said the incident began on June 17 and affected online services, internet connectivity, and some internal systems. MRU said it brought in internal technical staff and outside cybersecurity specialists to investigate the intrusion and help restore services.

What was accessed

According to the university, investigators found that files in certain folders on its “H drive,” a storage area used by students and employees, were accessed and copied by an unauthorized party. Those folders contained information related to current and former students, current and former employees, and some other individuals.

MRU also said a separate storage location, the “J drive,” was deleted during the attack. The school said there is no evidence at this stage that the J drive contents were copied before being removed, but recovery efforts are still underway and may not be complete.

The university said it has informed the Alberta Information and Privacy Commissioner and law enforcement. Because the stolen material was later deleted, MRU said it may take time to determine exactly which people were affected and what information may have been exposed.

Once individuals impacted by the breach are identified, the university said it will send direct notifications with more details.

Extortion claim

The incident has been claimed by a threat group calling itself CMD Organization. The group posted samples of what it says is stolen data, including passport scans and other sensitive records, and demanded a ransom of 30 bitcoin, or roughly $1.9 million at current prices. It also threatened to publish the data if its demands are not met.

MRU said full recovery of affected systems could take weeks or months. As a precaution, the university is offering two years of credit monitoring and identity theft protection to current employees and to people who worked there within the past five years.

  • Cyberattack date: June 17
  • Data confirmed accessed: selected folders on the H drive
  • Data deleted: J drive departmental files
  • Notifications sent: impacted individuals will be contacted directly