Mexico is facing an alarming series of cybersecurity breaches, threatening both public and private institutions. High-profile cases, such as data leaks from the Mexican Social Security Institute (IMSS) and security breaches at the National Autonomous University of Mexico (UNAM), highlight the increasing vulnerability of sensitive information. These incidents raise concerns about the safeguarding of users’ personal data.<\/p>\n
Between September 2025 and January 2026, Mexico experienced numerous severe cybersecurity incidents, with at least a dozen affecting various agencies. Significant breaches included:<\/p>\n
These attacks have resulted in the leakage of sensitive data, affecting millions of Mexican citizens.<\/p>\n
The UNAM incident stands out as particularly troubling. An unauthorized access event targeted five of the university’s computer systems during a holiday period. Although the university initially claimed that no personal data was accessed, investigative journalism revealed that sensitive information concerning over 380,000 students and academic staff had indeed been compromised.<\/p>\n
Journalistic investigations indicated that the hacker, known as ByteToBreach<\/strong>, accessed not only names and emails but also deeply personal documents, including complaints of workplace harassment and academic misconduct. Internal documents suggest that the university had previously identified illicit access as far back as March 2025 but failed to take appropriate action.<\/p>\n The full extent of the breach was likely exacerbated by structural issues within the university, including stalled fees collection due to audits. This lapse came at a time when a critical security vulnerability in Next.js servers was exploited, facilitating the massive cyberattack.<\/p>\n ByteToBreach is a known figure in the dark web ecosystem, having engaged in various data leak schemes since mid-2025. With ties to significant breaches affecting airlines, banks, and government bodies globally, its notoriety has escalated concerns within Mexico, particularly regarding an attack on the SAT M\u00f3vil application in December 2025.<\/p>\n Just days after mandatory mobile line registration commenced, Telcel, one of Mexico’s largest telecommunications providers, acknowledged a major data vulnerability. On January 9, 2026, it was revealed that personal details of millions of customers, including CURP and RFC numbers, could be accessed without proper authentication.<\/p>\n Initial statements from Telcel downplayed the severity, but it became evident that a technical flaw had put customer information at risk. While the company claimed users could only access their own data, evidence surfaced proving that extensive customer information was indeed exposed.<\/p>\n In response to the crises, UNAM has pledged to enhance its cybersecurity framework in 2026. Plans include establishing specialized subcommittees and investing in training programs aimed at experts within the university.<\/p>\n These cyber breaches pose significant risks, exposing citizens to identity theft, phishing attacks, and various forms of fraud. With critical information circulating on the black market, the potential for malicious exploitation is considerable.<\/p>\n In light of these developments, citizens must adopt proactive measures to safeguard their personal data:<\/p>\n These basic precautions can significantly minimize risks during this time of heightened vulnerability.<\/p>\nThe Troubling Background<\/h3>\n
Who is ByteToBreach?<\/h4>\n
The Telcel Incident: Data Exposure Unveiled<\/h3>\n
Company Response<\/h4>\n
Looking Ahead: Strengthening Cybersecurity Measures<\/h3>\n
Real-World Risks to Citizens<\/h3>\n
User Vigilance is Imperative<\/h3>\n
\n