Overview
- UNAM reported an intrusion during the vacation period affecting five of its more than 100,000 information systems and said the affected services were disabled as a precaution.
- The university stated that a first technical analysis shows no indications of extraction from systems holding student or personnel data, including those managed by DGAE and DGAPA.
- Posts attributed to the alias ByteToBreach and coverage by reporter Ignacio Gómez Villaseñor claim broader access and offer UNAM databases for sale, allegations the university disputes.
- Reports describe alleged technical vectors such as compromised F5 BIG‑IP load balancers, exposed SSH keys and LDAP/root access impacting email, matriculation and hashed passwords, which UNAM has not confirmed.
- UNAM clarified that a separate investigation into a March 2025 illicit access remains open at the FGR, as cybersecurity experts warn any leaked materials could be reused and urge stronger defenses across universities.