Mount Royal University Confirms Data Stolen in Ransomware Attack
Mount Royal University confirms ransomware attack with data theft and deletion.
Summary
Mount Royal University (MRU) in Alberta, Canada, has confirmed a ransomware attack that resulted in the theft and deletion of employee and student data from its internal network. The attack, discovered on June 17, disrupted internal systems and online services. A ransomware group named CMD Organization has claimed responsibility, demanding a $1.9 million ransom and listing MRU on its leak site.
Full text
Mount Royal University (MRU), a public university in Alberta, Canada, has confirmed that employee and student data was stolen from its network in a disruptive ransomware attack. The incident was discovered on June 17, after hackers deleted two file storage systems: one containing employee and student data, and another used for departmental data storage. The attack disrupted certain internal systems, as well as online services and internet access, the university announced on June 18. In a fresh update, MRU confirmed that a ransomware group was behind the attack and that employee and student data hosted on its ‘H drive’ was exfiltrated and deleted. “The H drive is a file storage system used by individual employees and students. Our analysis indicates that this incident affected specific folders rather than the entire H drive. We will begin directly notifying employees and students whose H drive folders were compromised within the coming week,” the update reads. The university will provide all current employees, as well as individuals employed within the past five years, with 24 months of free identity theft and credit monitoring services.Advertisement. Scroll to continue reading. According to MRU, the hackers did not access or exfiltrate data from the second file storage system that was erased during the attack. “We have reported this incident to the Alberta Information and Privacy Commissioner and to law enforcement and will provide our full co-operation with their inquiries,” the university said. Citing the ongoing investigation, MRU refrained from sharing details on how its network was compromised or who was behind it. The university’s notice, however, came the same day that a ransomware group called CMD Organization added MRU to its Tor-based leak site, claiming the theft of over 10 terabytes of data. CMD has published screenshots as proof of possession and is demanding a $1.9 million ransom in cryptocurrency. To date, the ransomware gang has claimed 32 attacks, but only four have been confirmed, Comparitech notes. The group is known to auction information allegedly stolen from its victims. Related: Accenture Confirms Data Breach After Hacker Claims Source Code Theft Related: County Government Reportedly Paid $1 Million to Cyber Extortion Group Related: Insurance Regulators Group NAIC Hit in Oracle PeopleSoft Hack Related: Xsolis Data Breach Affects 1.4 Million Individuals Written By Ionut Arghire Ionut Arghire is an international correspondent for SecurityWeek. Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights. More from Ionut Arghire Google Dialogflow CX Bug Allowed Attackers to Hijack AI ConversationsCISA Urges Immediate Patching of Exploited ColdFusion, Langflow, Joomla FlawsCritical Vulnerability Exposes GitHub Agentic Workflows to Prompt InjectionCounty Government Reportedly Paid $1 Million to Cyber Extortion GroupCritical Gitea Flaw Under Active Exploitation, Researchers WarnCritical Adobe ColdFusion Vulnerability Exploited in AttacksIran-Linked Hackers Using Modular C&C Framework in CyberattacksLinux Kernel Vulnerability Allows VM Escape on Intel and AMD Systems Latest News 15-Year-Old Linux Vulnerability ‘GhostLock’ Earns Researchers $92k From GoogleMicrosoft Patches Defender ‘RoguePlanet’ VulnerabilityAI Coding Tools Tricked Into Hacking Developer Machine via Decades-Old TechniqueChrome 150 Update Patches 27 Vulnerabilities8Layers Raises $2.9 Million for Identity Security PlatformUnpatched Backdoor in Tenda Firmware Grants Admin Access to DevicesAccenture Confirms Data Breach After Hacker Claims Source Code TheftChina-Linked APT Expands Arsenal With New ‘Leash’ Backdoors Trending Daily Briefing NewsletterSubscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Why Email Security Keeps Failing (And What Has to Change) July 8, 2026 Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more. Register Virtual Event: 2026 Cloud Security Summit July 16, 2026 This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments. Register People on the MoveSherrod DeGrippo has been appointed Head of Threat Intelligence for Palo Alto Networks Unit 42.Christopher Porter has joined Booz Allen Hamilton as Global Chief Information Security Officer.Yael Ben Arie has joined exposure validation company Pentera as Chief Product Officer.More People On The MoveExpert Insights The Shift Toward Business-Aligned Risk Management Moving from isolated, technical data to a continuous risk lifecycle can help organizations align security controls with actual business consequences. (Steve Durbin) How to Conduct a Successful Audit of AI-Driven Software Development As AI-generated code becomes commonplace, CISOs need new audit strategies to measure developer practices, govern AI tool usage, and identify software risks before they reach production. (Matias Madou) Frontier AI: Six Questions Every Enterprise Should Ask Security Vendors From model selection and automation to validation and measurable results, the right questions can help enterprises separate genuine AI capabilities from marketing hype. (Joshua Goldfarb) The AI Token Costs That Can Break Cybersecurity As cybersecurity platforms embrace agentic AI, organizations must balance detection performance against the escalating costs of token consumption, deployment architecture, and AI credits. (Danelle Au) When Information Becomes the Attack Surface – Understanding AI Agent Traps From hidden content injections to cognitive state poisoning, attackers are turning trusted data sources into traps for autonomous AI. (Etay Maor) Flipboard Reddit Whatsapp Whatsapp Email
Indicators of Compromise
- domain — cmd-organization.onion