Mount Royal University Confirms Breach as Hackers Claim Attack
Mount Royal University Confirms Breach 🚨
Mount Royal University in Calgary has confirmed a significant data breach where hackers stole and deleted data from its file storage systems. This incident occurred after a cyberattack on June 17, which disrupted various university systems, including online services and internet access.
In an update on their website, MRU stated that they have engaged technical teams and external cybersecurity experts to investigate the breach and support recovery efforts. The investigation revealed that the attackers accessed data stored on a drive used by students and employees for file storage, and unfortunately, the original copies were wiped to hinder recovery operations.
“We regret to inform our community that our investigation has now shown that data within certain folders on the University’s ‘H drive’ was accessed and taken by an unauthorized actor,” reads the announcement.
The breach affected folders containing information about current and former students and employees, as well as other individuals. Additionally, the attackers wiped a separate drive labeled ‘J’, which stored departmental data. MRU has stated that there is currently no evidence that the ‘J drive’ data was accessed or copied before it was deleted, but recovery efforts are ongoing.
The attack was claimed by the threat group CMD Organization, which has published samples of the allegedly stolen data, including sensitive documents. They demanded a ransom of 30 BTC (approximately $1.9 million) and provided the university with six days to respond before leaking the full set of stolen information. CMD Organization operates an auction-style system, offering to sell the stolen data to the highest bidder.
The university has reported the incident to the Alberta Information and Privacy Commissioner and law enforcement authorities. Once impacted individuals are identified, they will receive personalized notifications. MRU has indicated that recovery of the affected systems may take several weeks to months and will provide updates as new information becomes available. Furthermore, the university is offering two years of credit monitoring and identity theft protection to all current employees and those employed in the past five years.
For more details, you can read the full article here: Read full article