The university-related data of Mount Royal University students, along with staff both past and present, was vulnerable during a ransomware cyber incident that was first detected in June.
For some, that could mean exposure to personal data stored on the H-Drive that was accessed by an “unauthorized actor.”
Mount Royal University, in information posted to a webpage dedicated to the incident, said it first notified the MRU community about a cyber incident on June 18, 2026, that affected certain university systems and services.
At that time, they said they would notify students if a subsequent investigation determined that information on the drives had been affected.
In an update provided July 7 at 1:30 p.m., MRU began informing the students and staff at the Calgary university.
“We regret to inform our community that our investigation has now shown that data within certain folders on the University’s ‘H drive’ was accessed and taken by an unauthorized actor,” read their webpage.
“The actor then deleted our H drive data to impede our recovery.”
MRU was contacted for further details on the cyberattack, but they referred all inquiries to the information on the webpage, saying that it was the most up-to-date.
According to MRU, the H drive is a file storage system used by individual employees and students. They said their analysis showed that specific folders were accessed, and not the entire H drive
Students have told LWC that the H drive was used for accessing assignments or readings, or for storing digital audio, video, image or text files. It could have included employees’ lesson plans, presentation files, grading or other professional files.
MRU said it provides the H drive to support students’ and employees’ academic work.
“It is not meant to be a repository for personal information, but depending on what individuals chose to store in the folder it may contain personal information. Although this information is not within the University’s control, it is providing notice to all individuals whose folders were compromised,” reads their website.
“The University’s analysis of the potential exposure of university data, including corporate data about employees, is ongoing, and its understanding of the nature and scope of any such data will continue to evolve as that analysis progresses.”
MRU said that the J drive was also deleted. This contains departmental data, they said.
“There is currently no evidence that J drive data was accessed or copied before it was deleted,” MRU said.
“We are still working to recover deleted J drive data, but a full recovery may not be possible.”
MRU confirmed that the attack involved a ransomware “threat actor.” They said they wouldn’t be confirming specific discussions with the “threat actor.”
In the meantime, they will be offering two years of credit monitoring for all current employees and those employed within the past five years. They said, however, that they are not offering credit monitoring to student users who chose to store personal files on the H drive folders.
Along with the access of the data drives, the attack forced other services, including the phones and the university website, to be shut down. They said that they are restoring services in a controlled and secure manner.
This incident comes after other high-profile cyberattacks against Calgary institutions. Back in 2024, there was a failed ransomware attempt made against the Calgary Public Library.
The Calgary Board of Education was also hit by an attack that infiltrated its PowerSchool system, exposing thousands of students’ data, both past and present.
All future updates on the incident will be made to the MRU incident webpage. Any affected individuals will be contacted by MRU.
MRU had no additional comment, as their investigation was ongoing.
The incident has been reported to the Alberta Information and Privacy Commissioner and local law enforcement, MRU said.





