The National Autonomous University of Mexico (UNAM) recently confirmed that it suffered a cyberattack affecting five of its computer systems during the year-end holiday period. The university activated its response protocols, and the incident has raised concerns about data protection and the resilience of institutions with enormous digital infrastructures. The incident, which has received extensive coverage in national and international media, shows that even large educational organizations are targets of sophisticated computer threats.

What is known about the cyber attack on the UNAM?

The UNAM reported that, between December 31, 2025 and January 1, 2026, it detected an unauthorized intrusion into five of its more than 100,000 computer systems, belonging to different units and services of the university.

After the incident was detected, the General Directorate of Computing and Information and Communication Technologies (DGTIC) activated the institutional protocols for dealing with computer security incidents, including the preventive immobilization of compromised servers and coordination with authorities to file the corresponding complaints with the Office of the Attorney General of the Republic (FGR).

Although the UNAM stated that there is no evidence of extraction or leakage of personal data of students, teachers or administrative staff in these five specific systems, the initial disclosure of the hack has sparked debate and differing media accounts, including investigations that suggest the exposure of emails, encrypted passwords, enrollment numbers and other sensitive data.

Why this incident is significant

Universities as high-value targets

Modern universities aren't just educational institutions; they are complex digital ecosystems that manage large volumes of personal data, intellectual property, research and critical services for thousands of users. This makes them attractive targets for cybercriminals and actors with diverse motivations (from data theft to reputational damage or leaks of internal information).

Debate over the real extent of the breach

While the official version minimizes data leakage, several news reports indicate that improper access could have allowed attackers to obtain information that includes institutional emails, passwords (albeit encrypted), financial receipts and internal communications. These differences between public versions and independent reports highlight the importance of transparency and detailed technical analysis after a security incident.

Importance of timing and context

The attack was detected during a vacation period, which is usually a window of opportunity for attackers due to reduced operational oversight. This highlights the need for continuous monitoring, independence of key resources and robust access control, especially in large-scale infrastructures such as those of a university.

How similar attacks occur

A cyberattack is defined as any offensive action aimed at compromising the confidentiality, integrity or availability of systems, networks or data, for malicious purposes such as information theft, interruption of services or unauthorized access.

Attacks on institutions with a high density of data and digitized services may involve:

  • Exploitation of vulnerabilities in applications or web services
  • Unauthorized access due to compromised credentials
  • Lateral movement within the network to escalate privileges
  • Silent extraction of sensitive information

The complexity of these vectors requires a multilayered defense that combines technology, processes and coordinated response.

What risks are involved for companies

Although many attacks on universities seem “public”, the impact can extend to private organizations and the business sector:

1. Reusing credentials

If users reuse the same passwords in external or corporate environments, a breach in an educational system can facilitate access to business assets.

2. Indirect supplier exposure

Companies that collaborate with universities can be affected if their systems are connected or if they manage shared services.

3. Vulnerabilities in supply chains

If an attack compromises systems that interact with other services or providers, it can trigger cascading effects across a company's entire digital chain.

Key measures to protect business infrastructures

Faced with incidents such as the UNAM hack, organizations should consider:

  1. Ongoing digital risk assessment
    Identify critical assets, common attack vectors, and potential configuration gaps.
  2. Proactive monitoring and automated response
    Implement SIEM/EDR solutions that detect abnormal behavior and reduce response time.
  3. Access policies and identity management
    Use multifactor authentication and strict privilege control.
  4. Third-party software review and hardening
    Regularly audit external dependencies and components.
  5. Continuity and recovery plans
    Ensure backup, incident isolation, and failure recovery strategies.

Cybersecurity as a strategic priority

The cyberattack on the UNAM is a wake-up call not only for educational institutions but for all organizations with valuable digital assets. The convergence of personal data, critical services and sophisticated threat vectors requires a comprehensive approach to security that combines technology, organizational culture and operational resilience.

These types of threats reinforce the need to treat enterprise IT security as a strategic business pillar, not only as an element of technical protection.

How Apollo Cybersecurity Can Help You

At Apollo Cybersecurity we help companies:

  • Evaluate the digital attack surface and prioritize critical assets
  • Develop incident response plans and BCP/DRP
  • Implement secure identity and access controls
  • Monitor and mitigate attacks before they spread

If you want to understand how an incident like the one at the UNAM could affect your organization and what the best practices are to reinforce your security, we can help you design a preventive strategy aligned with your business objectives.

Contact Apolo Cybersecurity and strengthen your defense against increasingly sophisticated cyberattacks.
