Skip to main content
The Globe and Mail
Support Quality Journalism.
The Globe and Mail
First Access to Latest
Investment News
Collection of curated
e-books and guides
Inform your decisions via
Globe Investor Tools
per week
for first 24 weeks

Enjoy unlimited digital access
Enjoy Unlimited Digital Access
Get full access to
Just $1.99 per week for the first 24 weeks
Just $1.99 per week for the first 24 weeks
var select={root:".js-sub-pencil",control:".js-sub-pencil-control",open:"o-sub-pencil--open",closed:"o-sub-pencil--closed"},dom={},allowExpand=!0;function pencilInit(o){var e=arguments.length>1&&void 0!==arguments[1]&&arguments[1];select.root=o,dom.root=document.querySelector(select.root),dom.root&&(dom.control=document.querySelector(select.control),dom.control.addEventListener("click",onToggleClicked),setPanelState(e),window.addEventListener("scroll",onWindowScroll),dom.root.removeAttribute("hidden"))}function isPanelOpen(){return dom.root.classList.contains(}function setPanelState(o){dom.root.classList[o?"add":"remove"](,dom.root.classList[o?"remove":"add"](select.closed),dom.control.setAttribute("aria-expanded",o)}function onToggleClicked(){var l=!isPanelOpen();setPanelState(l)}function onWindowScroll(){window.requestAnimationFrame(function() {var l=isPanelOpen(),n=0===(document.body.scrollTop||document.documentElement.scrollTop);n||l||!allowExpand?n&&l&&(allowExpand=!0,setPanelState(!1)):(allowExpand=!1,setPanelState(!0))});}pencilInit(".js-sub-pencil",!1); // via darwin-bg var slideIndex = 0; carousel(); function carousel() { var i; var x = document.getElementsByClassName("subs_valueprop"); for (i = 0; i < x.length; i++) { x[i].style.display = "none"; } slideIndex++; if (slideIndex> x.length) { slideIndex = 1; } x[slideIndex - 1].style.display = "block"; setTimeout(carousel, 2500); } //

The Mackenzie building at the Royal Military College of Canada in Kingston Ont., on May 17, 2013. Authorities are investigating a data breach at the college.

Lars Hagberg/The Canadian Press

Federal authorities, including the RCMP, are investigating a data breach at the Royal Military College after hackers posted documents that reveal soldiers’ personal information online.

Experts say the leak is a glaring example of the growing threat that “ransomware” poses to organizations.

In a statement released Wednesday, the Department of National Defence said it is working with several federal agencies to probe the breach affecting RMC in Kingston and three affiliated military schools that use a shared computer network.

Story continues below advertisement

In addition to RCMP detectives, intelligence agency experts are also involved. “We continue to work with RCMP National Cyber Crime and [Ontario] Division who are actively investigating,” DND said in an e-mail to The Globe and Mail, adding that intelligence analysts at the Canadian Centre for Cyber Security are also working “to minimize any potential impact to our people and operations.”

The Globe first reported the ransomware attack in early July. At that time, the school’s dean of engineering said in a blog post that fixing problems would mostly be a matter of restoring data that had been scrambled from afar by a hacking group.

But it is now clear that the hackers did not merely encrypt RMC’s data – they also took, or “exfiltrated,” corporate records, including ones detailing students’ lives and academic ambitions.

Such double-barrelled attacks are an example of the evolving way in which ransomware hackers shake down the organizations they infiltrate for money, experts say.

“Up until the end of last year, ransomware groups simply encrypted their victims’ data. Starting in November they began stealing it, too, to use the stolen data as additional leverage to extort payments,” said Brett Callow, a threat analyst at Emsisoft.

The New Zealand-based company is among several cybersecurity firms monitoring fallout from the data breach at RMC.

“Even if an organization has backups that weren’t encrypted [by the hackers], they have still got the problem of what to do about the stolen data,” Mr. Callow said. “If the ransom is paid, the organization will receive a decryption key to unlock its own data. And the criminals will make a pinky promise that the stolen data will be destroyed.”

Story continues below advertisement

RMC teaches Canadian Forces soldiers about modern warcraft and offers several cybersecurity courses.

Over the past week, some stolen RMC documents started turning up on the dark web, or relatively obscure internet sites that involve untraceable data exchanges among anonymized users. Several cybersecurity firms are now posting samples of the stolen RMC material onto public social-media sites as a way of sounding a broader alarm.

Such firms have scrubbed the leaked RMC materials of information that would identity soldiers.

One leaked document involves a list of more than 3,300 computers and devices on the college’s internal network.

The more specific kinds of documents stolen from RMC that have leaked include a graduate student’s acceptance letter bearing a name, address and e-mail address. There is also a progress report signed by an instructor saying a PhD student is “intelligent, hardworking, and organized.” There is also a “donation approval form” outlining a $54,500 unsolicited donation of seven paintings to the college’s museum.

In general, the leaking of stolen documents by hackers is intended to ratchet up the pressure on organizations to pay ransoms, Emsisoft’s Mr. Callow says. “Should the victim still not pay,” he said, “the remaining data is released usually in a series of installments.”

Story continues below advertisement

Officials and instructors with the military college did not respond to interview requests. The college’s main website remains offline and it is unclear when computer systems will be fully restored.

News about the leaks of personal data is surfacing even as Canadian Forces students are on the cusp of starting a new academic year at the college, where the students’ ability to congregate in classrooms is being curbed by the precautions around the global COVID-19 pandemic.

“The cadets are back already – they are already locked down on the peninsula,” said David Skillicorn, a computer science professor at neighbouring Queen’s University, referring to RMC’s Point Frederick location.

He said an online course delivery system is up and running but many administrative systems remain offline. “The problem is that if you get attacked like this you can’t be sure they haven’t left malware inside one of the printers or something like that,” Dr. Skillicorn said. “So it’s a huge job to try and go through and really clean things out.”

Our Morning Update and Evening Update newsletters are written by Globe editors, giving you a concise summary of the day’s most important headlines. Sign up today.

Your Globe

Build your personal news feed

  1. Follow topics and authors relevant to your reading interests.
  2. Check your Following feed daily, and never miss an article. Access your Following feed from your account menu at the top right corner of every page.

Follow the author of this article:

Follow topics related to this article:

View more suggestions in Following Read more about following topics and authors
Report an error Editorial code of conduct
Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to If you want to write a letter to the editor, please forward to

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

If you do not see your comment posted immediately, it is being reviewed by the moderation team and may appear shortly, generally within an hour.

We aim to have all comments reviewed in a timely manner.

Comments that violate our community guidelines will not be posted.

UPDATED: Read our community guidelines here

Discussion loading ...

To view this site properly, enable cookies in your browser. Read our privacy policy to learn more.
How to enable cookies