Overview
- UNAM’s DGTIC says unauthorized access was detected during the vacation period in five of more than 100,000 institutional systems.
- The affected systems were disabled and incident‑response protocols were activated as part of a containment and preliminary forensic review.
- Officials state there are no indications that databases holding student, academic, or administrative personal information were extracted.
- The university is coordinating with local and federal cybersecurity authorities to file legal complaints and continue the investigation.
- Separately, reporting cites ByteToBreach claims of a far broader breach and data offered for sale, along with earlier 2025 warnings and a cited Next.js vulnerability, but those allegations remain unverified and are denied by UNAM.