Mount Royal University hit by ransomware attack on student and staff files

Support LWC on Patreon

The university-related data of Mount Royal University students, along with staff both past and present, was vulnerable during a ransomware cyber incident that was first detected in June.

For some, that could mean exposure to personal data stored on the H-Drive that was accessed by an “unauthorized actor.”

Mount Royal University, in information posted to a webpage dedicated to the incident, said it first notified the MRU community about a cyber incident on June 18, 2026, that affected certain university systems and services.

At that time, they said they would notify students if a subsequent investigation determined that information on the drives had been affected.

In an update provided July 7 at 1:30 p.m., MRU began informing the students and staff at the Calgary university.

“We regret to inform our community that our investigation has now shown that data within certain folders on the University’s ‘H drive’ was accessed and taken by an unauthorized actor,” read their webpage.

“The actor then deleted our H drive data to impede our recovery.”

MRU was contacted for further details on the cyberattack, but they referred all inquiries to the information on the webpage, saying that it was the most up-to-date.

 According to MRU, the H drive is a file storage system used by individual employees and students.  They said their analysis showed that specific folders were accessed, and not the entire H drive

Students have told LWC that the H drive was used for accessing assignments or readings, or for storing digital audio, video, image or text files. It could have included employees’ lesson plans, presentation files, grading or other professional files.

MRU said it provides the H drive to support students’ and employees’ academic work.

“It is not meant to be a repository for personal information, but depending on what individuals chose to store in the folder it may contain personal information. Although this information is not within the University’s control, it is providing notice to all individuals whose folders were compromised,” reads their website.

“The University’s analysis of the potential exposure of university data, including corporate data about employees, is ongoing, and its understanding of the nature and scope of any such data will continue to evolve as that analysis progresses.”

MRU said that the J drive was also deleted. This contains departmental data, they said.

“There is currently no evidence that J drive data was accessed or copied before it was deleted,” MRU said.

“We are still working to recover deleted J drive data, but a full recovery may not be possible.”

MRU confirmed that the attack involved a ransomware “threat actor.” They said they wouldn’t be confirming specific discussions with the “threat actor.”

In the meantime, they will be offering two years of credit monitoring for all current employees and those employed within the past five years. They said, however, that they are not offering credit monitoring to student users who chose to store personal files on the H drive folders.

Along with the access of the data drives, the attack forced other services, including the phones and the university website, to be shut down. They said that they are restoring services in a controlled and secure manner.

This incident comes after other high-profile cyberattacks against Calgary institutions. Back in 2024, there was a failed ransomware attempt made against the Calgary Public Library.

The Calgary Board of Education was also hit by an attack that infiltrated its PowerSchool system, exposing thousands of students’ data, both past and present.

All future updates on the incident will be made to the MRU incident webpage. Any affected individuals will be contacted by MRU.

MRU had no additional comment, as their investigation was ongoing.

The incident has been reported to the Alberta Information and Privacy Commissioner and local law enforcement, MRU said.

Liked it? Take a second to support Staff LiveWire Calgary on Patreon!
Become a patron at Patreon!

Trending articles

Calgary Stampede 2026 – Big crowd on day three pushes attendance to a half million

Staff LiveWire Calgary

Calgary Stampede 2026: Day 4 attendance holds, rodeo pool swap

Staff LiveWire Calgary

Calgary’s downtown office conversion program reopens with $25M in funding

Darren Krause

Walcott: The Calgary Stampede – A glimpse at ending food insecurity

Courtney Walcott

Calgary Stampede time sexual assault bump prompts safety tips from legal expert

Sarah Palmer

Latest from LiveWire Calgary

Rule changes are being explored as e-scooter, power bike use jumps

Darren Krause

Calgary Stampede time sexual assault bump prompts safety tips from legal expert

Sarah Palmer

Calgary Stampede 2026: Day 4 attendance holds, rodeo pool swap

Staff LiveWire Calgary

Students seeing value: Uptick in Calgary summer school enrolment continues

Kaiden Brayshaw - Local Journalism Initiative

MORE RECENT ARTICLES

City tallies noise complaints for first weekend of the Calgary Stampede

Darren Krause

Locally-designed Stampede food app makes it easier to find the new eats

Staff LiveWire Calgary

Calgary Stampede 2026 – Big crowd on day three pushes attendance to a half million

Staff LiveWire Calgary

Walcott: The Calgary Stampede – A glimpse at ending food insecurity

Courtney Walcott