Mount Royal University Grapples with Data Breach and Extortion Demands
Calgary's **Mount Royal University (MRU)** is facing a significant cybersecurity incident, confirming that hackers accessed, stole, and subsequently deleted data from its file storage systems. The breach, which occurred on June 17, has disrupted a wide array of university services and led to an extortion demand from the threat group **CMD Organization**.
On June 17, **Mount Royal University (MRU)** experienced a cyberattack that compromised its network, leading to widespread system disruptions including online services and internet access. The university has since engaged technical teams and external cybersecurity experts to investigate the incident and support recovery efforts.
### Data Theft and Deletion Confirmed
The investigation has confirmed that an unauthorized actor stole data from the university's "H drive," which is used by both students and employees for file storage. Disturbingly, the original copies of this data were then wiped to impede recovery operations.
"We regret to inform our community that our investigation has now shown that data within certain folders on the Universityβs βH driveβ was accessed and taken by an unauthorized actor," reads an announcement from **MRU**.
This accessed data affects current and former students, current and former employees, and an unspecified category of "other individuals." The university is working to determine the exact impact for each person, a task complicated by the deletion of the data. Affected individuals will be contacted directly with personalized notifications once identified.
In addition to the "H drive," a separate "J drive" containing departmental data was also wiped. While **MRU** states there is currently no evidence that data from the "J drive" was accessed or copied before its deletion, a full recovery of this data may not be possible.
### CMD Organization Claims Responsibility and Demands Ransom
Responsibility for the attack has been claimed by the threat group **CMD Organization**. The group has published samples of the allegedly stolen data, including passport scans and other sensitive documents, as proof of their access.
**CMD Organization** is demanding a ransom of **30 BTC**, approximately **$1.9 million**, and has given the university six days to respond before threatening to leak the full dataset. The group operates an auction-style system, offering to sell stolen data to the highest bidder, and currently lists 30 organizations on its clear web and dark web extortion portals.

### Recovery Efforts and Support
**MRU** has reported the incident to the **Alberta Information and Privacy Commissioner** and law enforcement authorities. The university anticipates that the recovery of affected systems could take several weeks to months, with updates to be provided as new details emerge.
To mitigate the impact on its community, **MRU** is offering two years of credit monitoring and identity theft protection to all current employees and individuals employed within the past five years.