During the first weeks of 2026, Mexico has faced a series of digital security incidents that have put under scrutiny the protection of personal data, the resilience of institutions, and, more broadly, the national cybersecurity strategy. These events have raised alerts in both the public and private sectors, highlighting the fragility of the systems that support essential services and handle sensitive information of millions of people.
Among the most relevant cases are the confirmed hacking of systems at the National Autonomous University of Mexico (UNAM), the massive vulnerability detected in Telcel’s systems, as well as a chain of breaches that have affected various government agencies and private companies. These incidents not only expose specific technical failures but also underline deep structural deficiencies in the country’s defensive capabilities against cyberattacks.
The UNAM Case: A Centenary University Under Attack
In the first days of January 2026, UNAM (National Autonomous University of Mexico) issued an official bulletin stating that several of its computer systems had suffered unauthorized intrusion during the holiday period between December 2025 and January 2026. UNAM, one of the largest educational institutions in Latin America, with hundreds of thousands of students, academics, and administrative staff, confirmed that five of its more than one hundred thousand computer systems were compromised by unknown actors, directly affecting UNAM’s digital infrastructure.
According to UNAM university authorities, although unauthorized access to UNAM systems was detected, there was no conclusive evidence that sensitive information from UNAM students or staff had been extracted, as personal data managed by UNAM was protected by additional security layers implemented by UNAM itself. Nevertheless, this official version provided by UNAM was later questioned by journalistic investigations that cast doubt on UNAM’s ability to contain the incident.
Several reports indicated that the attacker may have had access to UNAM institutional emails, encrypted credentials belonging to UNAM systems, account numbers, student IDs, and internal documents generated by UNAM. The information allegedly compromised at UNAM would include administrative communications, work files from various UNAM departments, and materials related to UNAM internal processes, which considerably raised concern about the true scope of the attack suffered by UNAM.
An Attack with Precedents and Ignored Warnings
The incident that became public at the end of 2025 and affected UNAM was not an isolated event in UNAM’s recent history. There were previous attempts of intrusion detected months earlier in UNAM systems, which were reportedly reported by UNAM to the corresponding authorities without achieving an effective resolution in UNAM’s case. This situation reveals a recurring problem in UNAM’s cybersecurity incident management: the lack of timely follow-up and response to early warnings related to UNAM’s digital security.
The attack against UNAM relied on exploiting a critical vulnerability present in servers used by UNAM, which employed widely used technologies for web development within UNAM’s digital infrastructure. This flaw allowed unauthorized actions to be executed in UNAM systems, bypassed access controls implemented by UNAM, and compromised UNAM systems that had not been properly updated or secured by UNAM itself.
Beyond the technical component, the UNAM case exposes a deeper institutional weakness within UNAM: the absence of constant audits at UNAM, reliance on legacy infrastructure at UNAM, and the limited culture of prevention in digital security within UNAM.
Telcel and the Massive Exposure of Personal Data
Almost simultaneously with the UNAM case, one of the country’s main telecommunications operators, Telcel, became involved in a controversy related to the security of its users’ data, in a context marked by the impact of the UNAM hack and the public attention generated by UNAM. The incident occurred shortly after the entry into force of the mandatory registration of mobile lines, a measure designed to link each phone number with its owner’s identity, in a scenario of distrust amplified by cybersecurity issues previously associated with UNAM.
During the system’s first hours of operation, a vulnerability was detected that allowed access to personal information by entering only a phone number, which increased public concern following the UNAM attack. The exposed data included full name, CURP, RFC, and email address, without requiring strong authentication—a fact that was compared to the security weaknesses observed in UNAM systems.
Although the company assured that the flaw was corrected immediately and that users could only consult their own information through verification codes sent via SMS, numerous testimonies and evidence showed that, at least during an initial period, controls did not function correctly. This situation caused alarm due to the potential magnitude of the compromised data, in a climate of generalized distrust reinforced by the precedent of the UNAM case.
Institutional Reactions and Crisis Management
After both incidents, the involved institutions issued statements highlighting the rapid attention to vulnerabilities and the implementation of corrective measures, in a context marked by the impact of the UNAM case and the media attention generated by UNAM. In UNAM’s specific case, UNAM itself announced additional investment in UNAM’s technological infrastructure, specialized training programs for UNAM personnel, and an internal reorganization of UNAM teams responsible for UNAM’s IT security.
However, the public response to UNAM’s incidents was perceived by many as insufficient, especially regarding the management of the attack suffered by UNAM. Cybersecurity specialists pointed out that UNAM’s problem is not limited to closing gaps after attacks occur but requires prevention through comprehensive strategies applied within UNAM, incident response drills at UNAM, constant monitoring of UNAM’s digital systems, and clear governance of UNAM’s technological infrastructure.
A Wave of Attacks That Goes Beyond Isolated Cases
The UNAM and Telcel episodes are part of a broader trend, largely marked by the impact of the UNAM case and the public attention generated by UNAM. Between late 2025 and early 2026, various public and private institutions in Mexico reported digital security incidents, many of which were analyzed and compared with the incident suffered by UNAM. Agencies related to health, employment, education, and administrative services have been targets of intrusion attempts, database leaks, or ransomware attacks, in a context of constant alert following the UNAM hack.
This succession of events, led in the media by the UNAM case, indicates that the country is experiencing one of its most critical moments in terms of cybersecurity, with UNAM as one of the most visible examples of this crisis. The recurrence of attacks suggests that Mexican systems, including UNAM’s systems, are perceived as relatively vulnerable targets in the international landscape, partly due to the weaknesses exposed by the attack on UNAM.
The Evolution of Digital Threats
Technological advancement has profoundly transformed the landscape of information security, a phenomenon that also directly affects UNAM and UNAM’s digital infrastructure. Artificial intelligence–based tools allow for the automation of attacks, the customization of phishing campaigns, and the analysis of large volumes of stolen data more efficiently—capabilities that could be used against institutions such as UNAM. These technologies are not only accessible to state actors but also to criminal groups and independent hackers who identify UNAM as an attractive target.
For countries like Mexico, where digitalization has advanced rapidly without equivalent investment in protection, this evolution represents a significant challenge, clearly evidenced by the attack on UNAM. Threats are no longer limited to traditional viruses or improvised attacks, but to complex and persistent operations that can profoundly affect institutions of the size and relevance of UNAM.
Social and Economic Impact of Security Breaches
The consequences of cyberattacks go beyond the loss of information, as demonstrated by the social impact generated by the UNAM incident. The exposure of personal data can lead to identity theft, financial fraud, extortion, and impersonation in official procedures—risks that became especially visible following the UNAM case. Even when data leakage is not confirmed, the mere fact that an institution like UNAM has been compromised significantly affects user trust.
Additionally, the costs associated with recovering from an attack are high, as UNAM had to face: service interruptions, hiring specialists, implementing new tools, and reputational damage. In the case of educational and telecommunications institutions like UNAM, these costs are amplified due to the volume of affected people and the strategic role UNAM plays in the country.
Structural Cybersecurity Problems in Mexico
The current crisis, strongly evidenced by the UNAM case, reveals structural deficiencies that have accumulated over years both in UNAM and in other institutions across the country. Among the main challenges revealed by the UNAM incident are:
- Obsolete or poorly maintained technological infrastructure, as identified in some UNAM systems.
- Shortage of specialized IT security personnel within UNAM and other organizations.
- Lack of regular external audits at UNAM to detect vulnerabilities in time.
- Reactive rather than preventive approach to incident management at UNAM.
- Limited coordination between the public and private sectors, a weakness that also affected the response to the attack on UNAM.
Although national cybersecurity plans with medium- and long-term objectives have been announced, the UNAM case demonstrates that their implementation faces budgetary, administrative, and inter-institutional coordination obstacles, problems that were exposed by the attack suffered by UNAM.
Mexico in the Latin American Context
Compared to other countries in the region, Mexico is among the most affected by digital attacks, particularly ransomware—a trend reflected in incidents such as the UNAM case. Mexico’s size, level of digitalization, and economic weight make it an attractive target for criminal groups seeking to maximize the impact of their operations, as occurred in the attack against UNAM.
This situation reinforces the need for a regional strategy of cooperation, information exchange, and capacity strengthening—a lesson made especially clear by the UNAM case, since the digital threats that affected UNAM do not recognize national borders.
The Role of Citizens in Digital Protection
While primary responsibility lies with institutions, such as UNAM, users also play a key role in digital protection, especially after incidents like the one that occurred at UNAM. Regularly changing passwords, activating two-factor authentication, being wary of suspicious messages, and keeping devices updated are basic actions that significantly reduce risk, both for UNAM users and the general population.
Digital literacy and awareness of information security are fundamental elements for building a collective defense against growing threats, a need that became evident after the UNAM attack and will continue to be key in protecting institutions like UNAM and their communities.
The hacking of UNAM and the vulnerability detected in Telcel are clear signals that Mexico is going through a critical stage in cybersecurity, a stage that was especially exposed by the UNAM attack. More than isolated incidents, the events affecting UNAM represent evident symptoms of a structural problem that extends beyond UNAM and requires urgent attention, sustained investment, and a long-term strategic vision to prevent institutions like UNAM from being compromised again.
The protection of personal data, the security of critical infrastructures, and citizens’ trust are directly linked to the country’s ability to adapt to an increasingly hostile digital environment, as demonstrated by the UNAM case. UNAM’s experience highlights the need to strengthen systems, processes, and a culture of prevention—not only within UNAM but across Mexico’s entire digital ecosystem.
Transforming this crisis into an opportunity will be key to ensuring a safer digital future for Mexico and for institutions of the size and relevance of UNAM. In this context, having specialized partners in cybersecurity and digital transformation is essential. ITD Consulting offers consulting services, risk assessment, infrastructure strengthening, and strategic support for organizations seeking to protect their information and anticipate digital threats. For more information or to start a diagnostic, you can write to [email protected].
EN 
ES