Mount Royal University (MRU) in Calgary is responding to a cyberattack that disrupted multiple campus systems, forced portions of its digital infrastructure offline, and left the university’s main website unavailable.
The university disclosed the incident on June 18, stating that it detected the issue on Wednesday and immediately activated its incident response procedures to contain the threat and protect affected systems.
“When the issue was identified, the university took prompt steps to contain the threat and protect its systems,” MRU said in a public notice posted through an alternate communications channel while its primary website remained inaccessible.
The university said it has retained external cybersecurity experts to assist with the response and investigation and is following established incident response protocols.
Critical university services affected
The cyberattack has disrupted several systems relied upon by students, faculty, and staff.
According to the university, the outage has affected its primary website, the MyMRU online portal, campus internet connectivity, telephone services, and other internal systems. Google Workspace services, including Gmail, remained available during the disruption.
Despite the incident, Mount Royal University remained open on Thursday. Students were instructed to attend scheduled examinations unless notified otherwise, while employees were encouraged to work remotely where possible.
The university also stated that campus safety infrastructure, including fire detection and alarm systems, continues to operate normally.
Mount Royal University’s disclosure comes amid a surge in cyber incidents affecting educational institutions. Earlier this month, the University of Nottingham disclosed a major cyber incident that reportedly exposed student and applicant information, while BreachNews also reported on multiple U.S. colleges targeted in an ongoing education-sector extortion campaign.
Investigation still in early stages
The university said its investigation remains in the early stages and that it has not yet determined whether any personal information, research data, employee records, or other sensitive information was accessed or exfiltrated during the incident.
At the time of publication, MRU had not disclosed the nature of the attack, whether ransomware was involved, or how threat actors may have initially gained access to university systems.
The institution has also not provided an estimated timeline for restoring affected services.
Because the incident remains under investigation, many key questions remain unanswered, including the scope of any unauthorized access and whether attackers were able to move laterally within university networks before containment measures were implemented.
Education sector remains a frequent target
Universities continue to be attractive targets for cybercriminals due to the large volumes of personal information, financial records, research data, and intellectual property maintained across academic environments. Disruptions can have immediate operational consequences, particularly during examination periods and enrollment cycles.
The education sector has faced sustained pressure from both ransomware groups and data extortion operations throughout 2026. Recent incidents have included the confirmed Instructure Canvas breach, which affected educational institutions across the United States, and reports of active exploitation targeting university infrastructure through Oracle PeopleSoft environments.
While there is currently no indication that data theft occurred at Mount Royal University, incidents involving prolonged service outages often require extensive forensic analysis before organizations can determine whether information was accessed or removed from affected systems.
Mount Royal University said cybersecurity experts are continuing to investigate the incident and assess its impact.
The university had not issued any public statement indicating whether law enforcement agencies or privacy regulators have been notified at time of publication.
BreachNews will update this story if additional details regarding the attack, affected systems, or potential data exposure become available.
