Cyber Incident Victim: College of MontMorency
Date:
May 2022
Location:
Canada
Summary
The College of MontMorency experienced a cyberattack resulting in unauthorized access and theft of personal data. Attackers affiliated with the Avos Locker group exfiltrated sensitive information and subsequently began disseminating the stolen data publicly. The incident compromised extensive institutional records, with confirmation that threat actors copied and distributed the entirety of the accessed materials.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In late May 2022, the College of MontMorency in Canada publicly disclosed it had experienced a cyberattack that potentially involved the theft of personal data. The incident came to light through the college’s announcement, though specific details regarding the initial detection method or intrusion timeline were not provided in available reports. Cybersecurity outlet ZATAZ later confirmed attackers had successfully exfiltrated institutional data, with the breach attributed to the Avos Locker ransomware operation. The attackers copied the entirety of accessed data repositories, indicating broad compromise of stored information. By mid-July 2022, the threat actors initiated public distribution of the stolen data, though the dissemination channels and specific datasets released were not detailed in source documentation. The operational disruption caused by the attack was not quantified in available reporting, nor were technical specifics regarding affected systems or infrastructure provided beyond the confirmation of comprehensive data exfiltration.
The confirmed data theft involved personal information, though the exact categories and volume of compromised records remained unspecified in public disclosures. MontMorency’s primary documented response action consisted of the late-May breach notification acknowledging potential data exposure. No additional containment measures, forensic findings, or recovery timelines were detailed in the examined sources. The attackers’ subsequent data broadcasting activities confirmed operationalization of the theft for potential reputational coercion or secondary exploitation. Financial impacts, including any ransom demands or payments, were not addressed in available reporting. Similarly absent were specifics regarding regulatory notifications, victim support measures, or post-incident security enhancements undertaken by the institution. The public confirmation of data dissemination by mid-July 2022 established that stolen information had progressed beyond initial exfiltration into active leakage phases.