Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

Mount Royal University Confirms Data Stolen in Ransomware Attack

Hackers accessed the institution’s internal network and deleted two drives containing employee, student, and university data.

University data breach

Mount Royal University (MRU), a public university in Alberta, Canada, has confirmed that employee and student data was stolen from its network in a disruptive ransomware attack.

The incident was discovered on June 17, after hackers deleted two file storage systems: one containing employee and student data, and another used for departmental data storage.

The attack disrupted certain internal systems, as well as online services and internet access, the university announced on June 18.

In a fresh update, MRU confirmed that a ransomware group was behind the attack and that employee and student data hosted on its ‘H drive’ was exfiltrated and deleted.

“The H drive is a file storage system used by individual employees and students. Our analysis indicates that this incident affected specific folders rather than the entire H drive. We will begin directly notifying employees and students whose H drive folders were compromised within the coming week,” the update reads.

The university will provide all current employees, as well as individuals employed within the past five years, with 24 months of free identity theft and credit monitoring services.

Advertisement. Scroll to continue reading.

According to MRU, the hackers did not access or exfiltrate data from the second file storage system that was erased during the attack.

“We have reported this incident to the Alberta Information and Privacy Commissioner and to law enforcement and will provide our full co-operation with their inquiries,” the university said.

Citing the ongoing investigation, MRU refrained from sharing details on how its network was compromised or who was behind it.

The university’s notice, however, came the same day that a ransomware group called CMD Organization added MRU to its Tor-based leak site, claiming the theft of over 10 terabytes of data.

CMD has published screenshots as proof of possession and is demanding a $1.9 million ransom in cryptocurrency.

To date, the ransomware gang has claimed 32 attacks, but only four have been confirmed, Comparitech notes. The group is known to auction information allegedly stolen from its victims.

Related: Accenture Confirms Data Breach After Hacker Claims Source Code Theft

Related: County Government Reportedly Paid $1 Million to Cyber Extortion Group

Related: Insurance Regulators Group NAIC Hit in Oracle PeopleSoft Hack

Related: Xsolis Data Breach Affects 1.4 Million Individuals

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

Sherrod DeGrippo has been appointed Head of Threat Intelligence for Palo Alto Networks Unit 42.

Christopher Porter has joined Booz Allen Hamilton as Global Chief Information Security Officer.

Yael Ben Arie has joined exposure validation company Pentera as Chief Product Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.