Delivery alert

There may be an issue with the delivery of your newspaper. This alert will expire at NaN. Click here for more info.

Recover password

UNM notifies community of data breach

Copyright © 2017 Albuquerque Journal

A month after discovering a computer server breach that may have compromised personal information for about 23,000 people, the University of New Mexico Foundation has begun sending notification letters about the incident.

The foundation on Monday mailed letters to the “potentially affected” donors, annuitants, foundation employees and vendors, according to a spokeswoman for UNM’s fundraising organization.

That’s a full month after officials first learned an “unauthorized individual” had gained access to a file server, according to details outlined in a foundation memo to trustees.

The May 10 memo, obtained by the Journal, cited April 17 as the breach discovery date.

According to the memo, the incident might have compromised contact information, donation amounts and checking/routing numbers for 22,000 donors, plus other data – such as Social Security numbers, birth dates and banking information – for more than 750 employees, vendors and annuitants – individuals who receive annual payments from charitable gift annuities that benefit the university.

The foundation says the breach did not involve its “advance donor database” that contains general information on more than 300,000 UNM alumni and donors.

The breached server contained human resources information and archive financial data. That might include copies of received checks that the foundation stores for audit purposes, spokeswoman Jennifer Kemp said.

Kemp explained the lag between the discovery and the notification process as the time it took the foundation to determine the breadth of the breach, secure the system and identify what and whose information might have been affected. Prior to mailing the letters, the foundation also hired a credit monitoring and repair service firm to help individuals possibly impacted.

“There are numerous legal requirements, as well as what we feel are moral requirements, that need to be completed to ensure we not only understand the scope of the incident but also identify the necessary actions that need to take place,” Kemp said in an email to the Journal. She added the foundation completed the steps “as soon as we possibly could.”

The foundation did not supply the Journal with a requested copy of the notification letter, but Kemp said it detailed the incident, the foundation’s response, the available credit monitoring and “general information about identity theft protection.” She said the foundation had notified federal law enforcement.

The Journal first reported on the breach late last week, and Kemp said the story generated “a few calls.” Nobody has reported any potential issues yet, she added.

Subscribe now! Albuquerque Journal limited-time offer

Albuquerque Journal seeks stories of our community's pandemic loss

If you’ve lost a loved one to COVID-19 and would like for the person to be included in an online memorial the Journal plans to publish, please email a high-resolution photo and a sentence about the person to Please email
Please include your contact information so we can verify, and your loved one’s name, age, community where they lived and something you want our readers to know about them.