Cyber Incident Victim: University of New Mexico
Date:
Sep 2016
Location:
United States of America
Summary
A breach of a legacy University of New Mexico database exposed personal information of over 1,000 former students and employees, including Social Security numbers and addresses, stemming from a now-defunct academic program. The compromised data was allegedly used by an individual arrested for identity theft and fraud, leading to unauthorized financial transactions and accounts for victims. Following initial delays in notification, the university established a response center and provided credit monitoring services to affected individuals while collaborating with law enforcement on the ongoing investigation.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In August 2016, the University of New Mexico (UNM) disclosed a data breach affecting 1,360 former students and employees. The incident involved unauthorized access to a legacy database from the defunct Educational Leadership and Organizational Learning program within the College of Education. This decades-old system, retired before UNM's 2006 transition to the Banner platform, stored Social Security Numbers (used as primary identifiers prior to 2006), birth dates, physical addresses, email contacts, and other personally identifiable information. The breach came to light through law enforcement investigations rather than UNM's internal detection systems. Las Cruces Police Department (LCPD) arrested suspect Ronald M. Murray Jr. on August 1, 2016, following a multi-day crime spree involving fraudulent vehicle purchases and merchandise acquisitions totaling $90,000 using stolen identities. During Murray's arrest, authorities recovered a flash drive containing UNM data, directly linking him to the university breach. Murray faced 37 criminal charges including identity theft, forgery, fraud, and credit card abuse, with potential federal charges pending. The compromised database contained records spanning multiple decades, exposing victims to financial fraud risks as evidenced by unauthorized retail accounts opened at Target, Lowe's, and automotive dealerships.
UNM initiated response actions nearly one month post-discovery, establishing a dedicated call center on August 25, 2016, to assist victims with reference number 5310082516. The delayed notification left affected individuals like Carol Beth Silverman—a UNM Extended Learning employee—without institutional support during initial fraud detection, forcing her to independently contact law enforcement and media outlets. The university collaborated with Las Cruces PD and Rio Rancho PD to assess the breach's full scope while mailing formal notifications to all 1,360 impacted persons with offers for credit monitoring services. Forensic analysis confirmed the database intrusion occurred through external compromise rather than insider access, though UNM provided no technical details about the attack vector. Victims reported immediate financial consequences including unauthorized credit lines and merchandise purchases attributed to Murray's criminal activities. The suspect remained incarcerated at Sandoval County Detention Center under $100,000 cash-only bond as investigations continued into additional fraudulent transactions tied to the stolen data.