Universidad de Monterrey (UDEM) Database Allegedly for Sale on Underground Forum
- Listing Surfaces: A forum actor claims to be selling a "complete database" tied to Universidad de Monterrey.
- Data Scope: The alleged archive covers student, faculty, and staff records through 2026.
- Asking Price: The full database is listed for $400, and the claim remains unverified.
A threat actor on an underground forum claims to be selling a "complete database" tied to Universidad de Monterrey (UDEM), describing it as an academic and personnel archive spanning student, faculty, and staff records through 2026. The claim is currently unverified, and UDEM has not been confirmed as the legitimate source of the data.
UDEM Database Listing Details
According to the listing, the UDEM data breach covers a broad range of records across the institution through 2026. The actor states the archive includes:
- Student personal information,
- Contact details,
- Graduation statistics,
- Internal IDs,
- Academic credentials,
- Enrollment history,
- Academic records,
- Faculty and staff employment details.
- University-issued certificates,
- Transcripts,
- Grade histories,
- Department assignments.
To substantiate the offer, the actor published sample materials, including alleged certificate-style documents, profile photos, and spreadsheet-style records. The full database is listed for $400, which is unusually low for a "complete" institutional database if genuine.
Student Data Potentially Exposed
This combination of personally identifiable information and institutional identifiers, if accurate, would expose both current members and alumni to potential risks. No independent confirmation of the dataset's authenticity, volume, or origin has been established at this stage, so the legitimacy of the samples and the completeness of the archive remain unproven.
Monterrey-area academic incidents include hackers reportedly claiming a Tecnológico de Monterrey (ITESM) university data breach earlier this year, while a Universidad Autónoma de Nuevo León (UANL) dataset was allegedly listed for sale in 2025.
In other news, early this month, Musashino University confirmed a ransomware attack that Qilin claimed, and the University of Pennsylvania, Harvard University, and the Italian La Sapienza University were targeted in February.







