UNAM Contains Cyberattack, Confirms No Data Breach

The Universidad Nacional Autónoma de México (UNAM) detected and contained a cyberattack deployed into five of its IT systems during the winter vacation period. The institution confirmed the activation of security protocols and the absence of data extraction following the incident.

The timely detection, made by the General Directorate of Computing and Information and Communication Technologies (DGTIC), allowed for the isolation of compromised assets before the vulnerability could spread to the central infrastructure. 

"The university, in a preventive manner, immediately activated institutional protocols for responding to information security incidents, which included the disabling of the corresponding systems,” reads the official statement from the university.

This technical response protocol was essential to mitigate the impact, considering that the UNAM manages a network of more than 100,000 information systems. The strategy of compartmentalization prevented the attack vector from compromising the operational integrity of the institution, allowing over 99.99% of its infrastructure to remain operational and secure.

The incident occurs in a digital ecosystem where academic institutions have become primary targets for threat actors. According to reports, since March 2024, there have been active investigation files related to attempts to breach the digital perimeters of the university. This persistence of attacks emphasizes the importance of cybersecurity as a component of national security, given the density of personal data and intellectual property these institutions house.

Regarding the integrity of data assets, UNAM’s General Directorate of Social Communication (DGCS) says that "there are no indications of information extraction from the personal data systems of students or academic and administrative personnel, which remain secure under institutional protection schemes."

This statement addresses versions regarding alleged access to specific databases, such as those of the Chemistry Faculty, aligning with the results of the initial digital forensic analysis performed by the DGTIC.

Following the containment of the attack, the UNAM began a coordination phase with local and federal cybersecurity authorities. This process includes filing legal complaints and collaborating with digital intelligence units to identify the origin and methodology of the intrusion. The event follows a series of recent attacks against government and autonomous bodies in Mexico, including reported breaches at the Supreme Court of Justice of the Nation (SCJN) and platforms of the Tax Administration Service (SAT).

During 2024, the education sector in Mexico experienced a 22% increase in attempted cyberattacks, with an average of 3,507 events per week per institution. Previous cases, such as the data leak in schools including CBTis 76 and CETis 44 by an actor identified as "marssepe" in cybercrime forums, demonstrate the consequences of direct access to databases. These leaks exposed names, CURP, and email addresses, among others.

While the Ministry of Public Education (SEP) contracted cybersecurity services for MX$246 million in 2024 (US$13.6 million), the absence of standardized response plans across all administrative layers maintains critical gaps. The resolution of this incident at the UNAM establishes a precedent for the necessity of constant audits and the update of regulatory frameworks for data protection in the Mexican academic field.