Overview
- UNAM’s IT directorate detected the intrusion during the vacation period and disabled the five affected systems under established incident-response protocols.
- The university says preliminary analysis found no evidence of extraction from personal-data systems and notes that key registries in DGAE and DGAPA were not impacted.
- UNAM emphasizes it does not centralize all records on a single server and has begun coordinating with local and federal cybersecurity authorities to file legal complaints.
- Journalistic reports and an attacker using the alias ByteToBreach claim broader access and data offered for sale in cybercrime forums, assertions the university disputes.
- Context includes a reported illicit access detected in March 2025 and expert warnings that any leaked information can be reused long term, underscoring sector-wide cybersecurity gaps.