Mount Royal College in Calgary introduced that hackers stole after which deleted information from its file storage system after infiltrating the college’s community.
In an replace printed on its web site, MRU mentioned it has dispatched a technical staff and exterior cybersecurity consultants to help with the investigation and restoration efforts following the June 17 cyber assault.
This incident disrupted a variety of college methods, together with on-line companies, web entry, and sure inner methods.
MRU is a public college with a historical past of over 100 years. At present, there are 11,560 college students and 12,500 undergraduate college students.
Earlier investigations have confirmed that attackers stole information saved on drives utilized by college students and staff for file storage, and the unique copies have been erased to disrupt restoration efforts.
“Sadly, we want to inform our group that our investigation has revealed that information inside sure folders on the college’s “H drive” was accessed and exfiltrated by an unauthorized attacker. ” reads the announcement.
The college revealed that the incident affected particular folders on drive H. This folder contained info affecting present and former college students of the college, present and former staff of the college, and unspecified classes of “different people.”
Moreover, the attackers additionally wiped one other drive labeled “J” that saved the division’s information. “Presently, there isn’t a proof that the info on drive J was accessed or copied earlier than it was deleted,” MRU mentioned.
“Whereas we proceed to work to recuperate deleted J drive information, full restoration will not be potential.”
The college mentioned the incident was reported to the Alberta Data and Privateness Fee and regulation enforcement.
The college mentioned that figuring out the precise influence on every particular person can be advanced and time-consuming as a result of the info leaked differed from individual to individual and had already been deleted.
As soon as affected people are recognized, they are going to be contacted instantly via a personalised notification.
CMD group claims assault
The MRU assault was claimed by risk group CMD Group, which launched samples of allegedly stolen information, together with passport scans and different delicate paperwork.
The attackers demanded a ransom of 30 BTC (at the moment round $1.9 million) and gave the college six days to reply earlier than divulging the entire set of stolen info.

Supply: BleepingComputer
The CMD group seems to be utilizing an auction-style system, providing to promote stolen information solely to the best bidder. The risk group at the moment has 30 organizations listed on its extortion website and operates each clear internet and darkish internet portals.
MRU mentioned restoration of affected methods may take weeks or months and it might present updates as new particulars change into out there.
The College additionally affords two years of credit score monitoring and identification theft safety to all present staff and people employed inside the previous 5 years.
Safety groups doc 54% of profitable assaults and situation a warning on solely 14%. The remainder strikes invisibly via the setting.
Picus’ whitepaper reveals tips on how to take a look at your SIEM and EDR guidelines in breach and assault simulations to make sure threats go undetected.
Get the white paper
