MRU Student, Staff Data Stolen in Ransomware Cyberattack
MRU Student, Staff Data Stolen in Ransomware Cyberattack

Mount Royal University (MRU) officials confirmed on Tuesday that student and staff data was compromised in a June ransomware attack. The university stated that unauthorized actors accessed and copied data from certain folders on the university's 'H drive', which supports academic and work activities. The attackers also deleted the H drive data to impede recovery efforts.

Attack Details and Impact

The cyberattack occurred on June 17, targeting two different drives. While the H drive had data stolen, the J drive, which contains departmental data, was deleted but not accessed or copied. MRU noted that only some folders in the H drive were accessed, and the university will contact affected individuals within the next week. Those impacted include current and former students and staff.

“We regret to inform our community that our investigation has now shown that data within certain folders on the University’s ‘H drive’ was accessed and taken by an unauthorized actor,” MRU said in a statement. “The actor then deleted our H drive data to impede our recovery.”

Wide Pickt banner — collaborative shopping lists app for Telegram, phone mockup with grocery list

Recovery and Precautionary Measures

MRU is still working to recover the deleted J drive data, but a full recovery may not be possible. Analysis of the fallout and data recoverability could take weeks or months. As a precaution, all current employees and those employed within the past five years will receive two years of credit monitoring and identity theft protection services.

The Alberta Information and Privacy Commissioner's office has been notified, and police are involved in the investigation, though no arrests have been made. A week after the attack, a faculty member reported that course scheduling, fall registration, and payroll systems were most affected, though he confirmed he had been paid. MRU-issued laptops were recalled for servicing in response to the attack.

Ongoing Operations and Historical Context

Despite the attack, MRU stated that the summer semester is proceeding as scheduled, and some deadlines for the fall semester have been adjusted. This incident is part of a series of ransomware attacks targeting post-secondary institutions. In 2016, the University of Calgary paid $20,000 to attackers to restore vital research data.

MRU emphasized that the data stolen may include personal information depending on what individuals stored in the affected folders. The university continues to investigate and will provide updates as more information becomes available.

Pickt after-article banner — collaborative shopping lists app with family illustration