Mount Royal University has confirmed that a recent cyberattack resulted in the theft of data from its network after a ransomware group claimed responsibility for the incident. The Canadian university said its ongoing investigation found that an attacker accessed files stored on an internal drive used by students and employees before deleting original data to hinder recovery efforts.
The university first disclosed the cyberattack in June after it disrupted multiple IT services, including internet access, online systems, and internal platforms. At the time, officials said they were working with external cybersecurity specialists to determine the scope of the incident and restore affected systems.
Mount Royal University has now confirmed that the attacker stole data from its H drive, a shared file storage system used by staff and students. Investigators also determined that the original copies of those files were deleted during the attack, making recovery significantly more difficult. The university said work to restore data from another storage system, known as the J drive, is continuing, although a complete recovery may not be possible.
University officials have not disclosed how many people may have been affected. They said individuals whose personal information was exposed will be contacted directly as investigators identify the compromised data. The forensic investigation remains active, and the institution warned that determining the full impact could take weeks or even months.
The ransomware group Interlock has claimed responsibility for the attack and listed the university on its leak site. According to the gang, it stole approximately 470 GB of data before encrypting systems. The criminals have threatened to publish the information if their demands are not met, although Mount Royal University has not confirmed the volume of data allegedly taken.
As part of its response, the university said it will provide two years of credit monitoring and identity theft protection services to all current employees and anyone who worked at the institution within the past five years. Additional notifications will be sent by email and traditional mail as the investigation progresses.
Mount Royal University has not disclosed how the attackers initially gained access to its network. Officials said they are continuing to work with digital forensics experts to determine the intrusion method, assess the extent of the compromise, and strengthen security measures before fully restoring affected systems.