Mount Royal University (MRU) in Alberta, Canada, recently experienced a significant data breach due to a ransomware attack. The university has confirmed that both employee and student information was compromised during the incident.
Details of the Ransomware Attack
The security breach was identified on June 17 when two critical file storage systems were deleted by attackers. One system contained sensitive employee and student data, while the other was used for departmental purposes. The attack caused disruptions in internal systems, online services, and internet connectivity, as reported by the university on June 18.
MRU has since confirmed that a ransomware group was responsible for the attack. They managed to exfiltrate and delete data stored on the ‘H drive’, which is utilized by individual employees and students. The university’s analysis revealed that specific folders were targeted rather than the entire storage system. Affected individuals will be notified directly within the next week.
University’s Response and Support
In response to the data breach, MRU is offering 24 months of free identity theft and credit monitoring services to all current employees and those employed in the past five years. This move aims to mitigate potential risks arising from the stolen data.
It is important to note that the hackers did not manage to access or extract information from the second storage system that was erased during the cyberattack. The university has reported the incident to the Alberta Information and Privacy Commissioner and law enforcement, committing to full cooperation in their investigations.
Ongoing Investigation and Demands
Due to the ongoing investigation, MRU has not disclosed specific details about how the network was infiltrated or the identities of the perpetrators. However, the notice came shortly after a ransomware group known as CMD Organization claimed responsibility. They listed MRU on their Tor-based leak site, alleging the theft of over 10 terabytes of data.
The group has also published screenshots to verify their claims and is demanding a ransom payment of $1.9 million in cryptocurrency. CMD Organization has a history of attacks, having claimed responsibility for 32 incidents, with only four being verified so far. They are notorious for auctioning off data purportedly stolen from their victims.
The situation underscores the growing threat of ransomware attacks on educational institutions and the importance of robust cybersecurity measures to protect sensitive information.
