Data Breaches

Mount Royal University Confirms Data Stolen in Ransomware Attack

Hackers accessed the institution’s internal network and deleted two drives containing employee, student, and university data.

University data breach

Mount Royal University (MRU), a public university in Alberta, Canada, has confirmed that employee and student data was stolen from its network in a disruptive ransomware attack.

The incident was discovered on June 17, after hackers deleted two file storage systems: one containing employee and student data, and another used for departmental data storage.

The attack disrupted certain internal systems, as well as online services and internet access, the university announced on June 18.

In a fresh update, MRU confirmed that a ransomware group was behind the attack and that employee and student data hosted on its ‘H drive’ was exfiltrated and deleted.

“The H drive is a file storage system used by individual employees and students. Our analysis indicates that this incident affected specific folders rather than the entire H drive. We will begin directly notifying employees and students whose H drive folders were compromised within the coming week,” the update reads.

The university will provide all current employees, as well as individuals employed within the past five years, with 24 months of free identity theft and credit monitoring services.

Advertisement. Scroll to continue reading.

According to MRU, the hackers did not access or exfiltrate data from the second file storage system that was erased during the attack.

“We have reported this incident to the Alberta Information and Privacy Commissioner and to law enforcement and will provide our full co-operation with their inquiries,” the university said.

Citing the ongoing investigation, MRU refrained from sharing details on how its network was compromised or who was behind it.

The university’s notice, however, came the same day that a ransomware group called CMD Organization added MRU to its Tor-based leak site, claiming the theft of over 10 terabytes of data.

CMD has published screenshots as proof of possession and is demanding a $1.9 million ransom in cryptocurrency.

To date, the ransomware gang has claimed 32 attacks, but only four have been confirmed, Comparitech notes. The group is known to auction information allegedly stolen from its victims.

Related: Accenture Confirms Data Breach After Hacker Claims Source Code Theft

Related: County Government Reportedly Paid $1 Million to Cyber Extortion Group

Related: Insurance Regulators Group NAIC Hit in Oracle PeopleSoft Hack

Related: Xsolis Data Breach Affects 1.4 Million Individuals

Related Content

Data Breaches

The professional services giant says it contained the incident, remediated its source, and experienced no operational or service delivery impact.

Artificial Intelligence

Attack demonstrates how LLM agents can combine known exploitation techniques with real-time reasoning to automate complex, multi-stage intrusions.

Cybercrime

In April, ShinyHunters accessed the company’s corporate IT systems and stole patients’ personal and medical information.

Cybercrime

Prosecutors say 19-year-old Peter Stokes was a member of Scattered Spider, the hacking group linked to more than 100 network intrusions and over $100...

Ransomware

The Microsoft Defender vulnerability CVE-2026-33825 was exploited in the wild as a zero-day before patches were released.

Data Breaches

Hackers accessed the insurance giant’s policyholder portal multiple times between June 15 and June 25.

Data Breaches

Only a handful of the 100 organizations targeted in the PeopleSoft campaign have been confirmed.

Data Breaches

The ShinyHunters extortion group claims to have stolen 3.1 TB of data from the organization.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version