Mount Royal University says data was stolen, deleted in June cyberattack
Posted Jul 7, 2026 3:16 pm.
Last Updated Jul 7, 2026 7:24 pm.
Calgary’s Mount Royal University says a cyber incident last month has now been confirmed as a targeted data breach affecting both students and staff.
The breach occurred on June 18, when MRU’s website, phone lines, and other systems went offline — the school revealed Tuesday that an unauthorized actor accessed specific folders on the institution’s H drive where employee and student files are stored.
The actor stole the data and then deleted the contents to impede recovery, according to a release.
The school says only certain folders were compromised and MRU will begin notifying affected individuals within the week.
As a precaution, all current employees and anyone employed in the past five years will receive two years of credit‑monitoring and identity‑theft protection, with instructions sent by email and physical mail.
The actor also deleted the University’s J drive, which contains departmental files. Investigators say there is no evidence the J drive was accessed or copied, though full restoration may not be possible.
The investigation is expected to take weeks or months.
The incident has been reported to the Alberta privacy commissioner and law enforcement, and updated FAQs are available online for those seeking more information.