Mount Royal University Cyberattack Confirms Breach

The Mount Royal University data breach has been confirmed following a cyber incident that disrupted multiple university services in June. The Mount Royal University cyberattack, which occurred on June 18, has now been identified as a targeted attack in which an unauthorized actor accessed, stole, and deleted data stored on the university’s internal systems. 

 As the investigation into the cyberattack on Mount Royal University continues, the institution has begun taking steps to notify affected individuals, strengthen its response, and provide identity protection services to employees. 

Mount Royal University Cyberattack Led to Data Theft and Deletion 

Mount Royal University (MRU) in Calgary announced that its ongoing investigation has confirmed the cyber incident reported on June 18 was more than a service disruption. According to the university, an unauthorized actor gained access to specific folders within the institution’s H drive, a file storage system used by employees and students. 

Investigators determined that the threat actor not only accessed and stole data from those folders but also deleted the contents afterward in an apparent attempt to hinder recovery efforts. The university emphasized that only certain folders on the H drive were affected, rather than the entire storage system. 

The Mount Royal University data breach affected files belonging to both students and staff, although the full scope of the compromised information remains under investigation. 

Certain Employees and Students Impacted 

According to MRU, the H drive serves as a storage location for files belonging to individual employees and students. While the university stated that only specific folders were compromised, it will begin notifying impacted individuals within the week. 

The institution has not disclosed the exact number of people affected by the Mount Royal University cyberattack, but confirmed that those whose information may have been exposed will receive direct communication regarding the incident. 

As a precautionary measure, Mount Royal University will provide two years of credit monitoring and identity theft protection services to all current employees, as well as anyone who has been employed by the university within the past five years. Instructions for accessing these services will be distributed through both email and physical mail. 

Departmental Files Also Affected During the Cyberattack on Mount Royal University 

In addition to compromising the H drive, the threat actor also deleted the university’s J drive, which stores departmental files. 

Although investigators confirmed that the J drive was erased, they stated there is currently no evidence indicating that its contents were accessed or copied before being deleted. Recovery efforts are underway; however, the university acknowledged that restoring all deleted departmental data may not be possible. 

Investigation Expected to Continue for Weeks or Months 

Mount Royal University said its investigation into the incident remains active and could take weeks or even months to complete. Digital forensic experts continue to examine the compromised systems to determine the full extent of the data breach and identify exactly what information was accessed. 

The university indicated it will continue providing updates as new information becomes available. Officials are also working to restore affected systems following the Mount Royal University data breach, although recovery efforts remain ongoing due to the deletion of critical files. 

Scroll to Top