
Cyber Incident Victim: University of New Mexico Foundation

Date:

Apr 2017

Location:

United States of America

Summary

A server breach at the University of New Mexico Foundation potentially compromised personal information of approximately 23,000 individuals, including donors, annuitants, employees, and vendors. The incident was discovered in mid-April, and notification letters went to affected parties roughly one month later; this delay drew criticism from media outlets. No start date for the breach was reported. The foundation confirmed unauthorized access to its systems but did not disclose the specific data types exposed or the time between intrusion and detection.


Description

The University of New Mexico Foundation discovered a breach of a computer server on or around April 16, 2017, which potentially exposed personal information belonging to approximately 23,000 individuals. The foundation initiated notification letters to affected parties one month after discovery, mailing them on May 16, 2017. Recipients included donors, annuitants, foundation employees, and vendors whose data resided on the compromised system. While the foundation confirmed unauthorized access to the server, specific technical details about the intrusion method, duration of unauthorized access, or data exfiltration patterns were not publicly disclosed. The organization did not state whether forensic investigators identified the threat actors or their motives.

This incident drew public attention due to the one-month gap between breach discovery and victim notifications, a delay that mirrored prior criticism of UNM's response timelines in previous security incidents. Media coverage highlighted the absence of breach timeline specifics beyond the April 16 discovery date, leaving the actual intrusion period undefined in public reporting. The foundation's communications confirmed the exposure of personal information but did not specify data types or whether sensitive details like Social Security numbers or financial records were involved. No information was released regarding containment measures, system remediation steps, or post-breach security enhancements. The lack of breach chronology and technical particulars limited public understanding of the attack's operational impact beyond the confirmed data exposure.
