Calgary university loses student and staff files to hackers who wiped the originals
Mount Royal University says a June 17 break-in ended with stolen data on shared drives and a ransom demand of 30 bitcoin from a group calling itself CMD Organization.

Key points
- Mount Royal University in Calgary confirmed hackers broke into its network on June 17, 2025 and stole files belonging to students and staff.
- The attackers copied data from the university's shared H drive, then deleted the originals to make recovery harder.
- A group calling itself CMD Organization has claimed the attack and is demanding 30 bitcoin, roughly 1.9 million US dollars.
- The university has told the Alberta Information and Privacy Commissioner and police, and is offering two years of credit monitoring to current and recent employees.
- Full recovery of the wiped systems could take weeks to months, and some data may be gone for good.
Mount Royal University, a public university in Calgary with more than 11,500 students, has confirmed what many staff and students suspected since June: hackers got in, took files, and then trashed the originals on the way out.
The break-in happened on June 17. It knocked out online services, internet access and internal systems across the campus. The university has been drip-feeding updates ever since, and the latest one is the worst so far.
What did the hackers actually take?
They took files from the university's "H drive," which is the shared storage space students and employees use to keep documents. Think of it as the university's version of a big communal filing cabinet on the network.
Mount Royal says certain folders on that drive were "accessed and taken by an unauthorized actor." The information belongs to current and former students, current and former employees, and a vague third bucket the university calls "other individuals."
A second shared drive, the "J drive," which departments used for their own files, was wiped. The university says there is no sign that data was copied first. It is still trying to restore it. A full recovery, it warns, may not be possible.
The incident has been reported to the Alberta Information and Privacy Commissioner and to law enforcement.
Who is behind it?
A group calling itself CMD Organization has claimed responsibility, first reported by BleepingComputer. The group has posted samples of what it says is the stolen material, including scans of passports and other sensitive documents.
CMD Organization is demanding 30 bitcoin, currently worth about 1.9 million US dollars. It has given the university six days to pay before dumping the full set of files.
The group runs an extortion site on both the regular web and the dark web, which is a part of the internet you need special software to reach. It currently lists 30 victim organisations. Unusually, it runs an auction format: the stolen data goes to the highest bidder rather than being leaked for free.
That is a nastier variation on the standard playbook. Most ransom crews just threaten to publish. Selling exclusively means the buyer gets to do whatever they like with the files, and the victims never see them surface publicly to know what is out there.
What should students and staff do?
Mount Royal says the exposed information varies from person to person, and because the originals were deleted, working out exactly what each individual lost is going to take time. Once the university figures out who was affected, it will contact them directly.
In the meantime, current employees and anyone who worked at the university in the past five years are being offered two years of free credit monitoring and identity theft protection. Take it up. If your passport scan or student file was in one of those folders, watch for suspicious emails referencing your time at MRU, and be wary of anyone phoning claiming to be from the university's IT or finance teams.
Recovery of the affected systems will take weeks to months. The university has promised further updates. For a 100-year-old institution that runs on shared drives and email like every other university, this is going to be a long summer.



