Mount Royal University Hit by Ransomware Attack, Exposing Student and Staff Data
Mount Royal University (MRU) in Calgary confirmed that a ransomware attack detected in June 2026 compromised personal and academic data stored on its H-Drive, a file storage system used by students and employees. The university first notified the community on June 18, 2026, after identifying the breach, which disrupted multiple systems, including phones and the university website.
An investigation revealed that an unauthorized actor accessed and exfiltrated data from specific folders on the H-Drive before deleting the files to hinder recovery. While the H-Drive was intended for academic work such as assignments, lesson plans, and research materials MRU acknowledged that some users may have stored personal information in their folders. The university is notifying all affected individuals but has not disclosed the exact number of those impacted.
Additionally, the J-Drive, which stores departmental data, was deleted during the attack. MRU stated there is no evidence that J-Drive data was accessed or copied before deletion, though full recovery remains uncertain.
The attack, attributed to a ransomware threat actor, forced MRU to take systems offline as a precaution. The university is restoring services gradually while continuing its forensic analysis. MRU has not disclosed whether a ransom was demanded or paid.
In response, MRU is offering two years of credit monitoring to current employees and those employed within the past five years but not to students, even if their personal data was exposed. The incident has been reported to the Alberta Information and Privacy Commissioner and law enforcement.
This attack follows recent cyber incidents targeting Calgary institutions, including a 2024 ransomware attempt on the Calgary Public Library and a breach of the Calgary Board of Education’s PowerSchool system, which exposed student records. MRU is providing updates on a dedicated incident webpage as the investigation progresses.
Calgary Board of Education TPRM report: https://www.rankiteo.com/company/ucalgary
Calgary Public Library TPRM report: https://www.rankiteo.com/company/ucalgary
"id": "uca1783485000",
"linkid": "ucalgary",
"type": "Breach",
"date": "7/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Students and employees (exact '
'number undisclosed)',
'industry': 'Education',
'location': 'Calgary, Alberta, Canada',
'name': 'Mount Royal University',
'type': 'University'}],
'customer_advisories': 'Two years of credit monitoring offered to current '
'employees and those employed within the past five '
'years (not extended to students)',
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Possible (stored in '
'H-Drive folders)',
'sensitivity_of_data': 'High (potential personally '
'identifiable information)',
'type_of_data_compromised': ['Personal information',
'Academic data']},
'date_detected': '2026-06',
'date_publicly_disclosed': '2026-06-18',
'description': 'Mount Royal University (MRU) in Calgary confirmed that a '
'ransomware attack detected in June 2026 compromised personal '
'and academic data stored on its H-Drive, a file storage '
'system used by students and employees. The attack disrupted '
'multiple systems, including phones and the university '
'website. An unauthorized actor accessed and exfiltrated data '
'from specific folders on the H-Drive before deleting the '
'files to hinder recovery. The J-Drive, which stores '
'departmental data, was also deleted during the attack, with '
'no evidence of access or copying before deletion.',
'impact': {'data_compromised': 'Personal and academic data',
'identity_theft_risk': 'Potential for affected individuals',
'operational_impact': 'Systems taken offline as a precaution; '
'gradual restoration of services',
'systems_affected': ['Phones',
'University website',
'H-Drive',
'J-Drive']},
'investigation_status': 'Ongoing',
'ransomware': {'data_exfiltration': 'Yes'},
'references': [{'source': 'Mount Royal University Incident Webpage'}],
'regulatory_compliance': {'regulatory_notifications': ['Alberta Information '
'and Privacy '
'Commissioner']},
'response': {'communication_strategy': 'Dedicated incident webpage for '
'updates; community notifications',
'containment_measures': 'Systems taken offline as a precaution',
'law_enforcement_notified': 'Yes',
'remediation_measures': 'Restoring services gradually; forensic '
'analysis ongoing'},
'threat_actor': 'Ransomware threat actor',
'title': 'Mount Royal University Ransomware Attack',
'type': 'Ransomware'}