We are seeing a noticeable increase in phishing and email spoofing attempts targeting our organization. These messages may appear to come from trusted sources but are designed to trick recipients into clicking malicious links, downloading harmful attachments, or providing sensitive information.

Please remain vigilant and use caution when reviewing emails—especially those that:

• Urge immediate action or create a sense of urgency

• Contain unexpected attachments or links

• Request login credentials, financial information, or sensitive data

• Appear to come from internal contacts but have unusual formatting or tone

• Continue to monitor for known phish attempts at https://ispo.unm.edu/phish-bowl

How to Report Suspicious Emails in Microsoft Outlook Web (OWA):

1. Do not click any links or download attachments.

2. Open the suspicious email.

3. Click the “Report” button in the toolbar (this may appear as “Report Message” or a phishing icon).

4. Select “Phishing” or “Junk”, as appropriate.

5. Submit the report. The message will be sent to IT/security for review and removed from your inbox.

More information in reporting email can be found in the following knowledge article: https://unm.service-now.com/kb/en/how-do-i-report-spam-or-phishing-email?id=kb_article_view&sysparm_article=KB0016353

The University of New Mexico is aware of a cybersecurity incident reported by Instructure, the company that provides Canvas to UNM and to thousands of other institutions worldwide. This was a vendor incident – UNM's own systems and networks were not affected. Additionally, Canvas does not have access to UNM passwords. 

Currently, there are limited impacts to UNM's Canvas environment, which otherwise continues to function normally. For details on these impacts, visit italerts.unm.edu. 

What happened 

Late on May 1, 2026, Instructure initially disclosed that a cybersecurity incident occurred that was affecting its systems. Instructure stated that the incident has been contained.  

Instructure later publicly shared that the information involved consists of names, email addresses, and student ID numbers, as well as private messages between users. At this time, they have found no evidence that other Personally Identifiable Information (PII) was involved. Impacted institutions will be notified directly if that assessment changes. 

For the latest official information from Instructure, visit status.instructure.com. 

What UNM is doing 

UNM Information Technology is actively monitoring the situation with Instructure and is coordinating with them to assess any specific impacts to UNM systems, users, and data. 

What you should be on the alert for 

Out of an abundance of caution, UNM recommends that UNM Canvas users be cautious of phishing attempts, especially those that use your name, email, and/ or student ID – especially those messages that have a sense of urgency.  

UNM will not send you links asking you to enter your password and MFA. You will only see login prompts when you access an official UNM site or service, such as Banner, LoboMail, or Canvas.  

Always use the report phishing button if you receive a suspicious message. If you notice suspicious activities in your account, we recommend changing your password at NetID.unm.edu. We also recommend selecting a longer password than the minimum requirements. If a password change does not resolve the issue, please call the IT service desk at 505-277-5757.  For examples of phishing emails, please visit phishbowl.unm.edu. 

Due to the healthcare nature of UNM Health and Health Sciences (HHS), there may be variations to services and support for HHS students, faculty, and staff.  If you experience any issues regarding HHS technology services, please follow these steps: During regular business hours, 8-5, Monday-Friday, contact the Health Sciences IT Service Desk at 505-272-1694.  Outside of regular business hours, contact the Health IT Service Desk at 505-272-3282 (2-DATA). 

If you believe you may be a victim of fraud or identity theft, please file a police report. For more information and for other resources related to fraud and identity theft, visit this UNM site: identityprotection.unm.edu 

We are aware of a Canvas-related token issue that can interfere with some third-party publisher integrations within Canvas. Symptoms may include failures with grade sync, assignment deployment, student access to materials and grades, etc. Resolution requires action by instructors of affected courses to reauthorize the publisher in Canvas.

At this point, we’ve heard reports related to McGraw Hill and Cengage. More information and workarounds for each is available via their respective websites:

• McGraw Hill 

• Cengage 

Other third-party systems may be affected with similar steps required for instructors to reauthorize the use of the tool in their course. For specific questions, please check with the publisher or Canvas Support.

InCommon SSL/TLS certificate lifespans were reduced to a maximum of 200 days on March 15, 2026. This is a vendor change outside UNM's control.

This applies to all certificate types as enforced by the global governing organization, Certificate Authority Browser Forum. Lifespans will be further reduced to 100 days On March 15, 2027, and to 47 days on March 25, 2029. The purpose of this change is to reduce risk by decreasing validation periods.  

The current recommended solution is certificate automation using the ACME protocol with tools like certbot (https://certbot.eff.org/).
*Note: Wildcard certificates can currently only be requested as a Subject Alternate Name (SAN) on a Multidomain certificate profile. The Common Name (CN) of the certificate must not be a wildcard.

The University of New Mexico is upgrading its campus phone system to replace aging equipment that will no longer be supported after December 2026. This upgrade will help ensure reliable service and support the university’s future communication needs.

The project is actively underway, and buildings will be contacted and scheduled for transition in phases. Departments will receive more information as their building’s upgrade approaches. A timeline of identified buildings and upcoming phases is available on the Voice System Replacement Project Website.

For questions or more information, please contact the project team at voiceproject@unm.edu.

To ensure continued security UNM IT is performing maintenance on the voice mail system Tuesday May 19th 2026, beginning at 6:00 pm. During the three hour window the voice mail system will be intermittently unavailable.
If users experience any issues with their voice mail services after the maintenance window please contact the IT Support Center at 505-277-5757.

To improve network performance and resilience, UNM IT Data Networks will be migrating building connections within the South Campus zone onto new network equipment. IT wired and wireless network services will be unavailable in each of the listed buildings during the maintenance on May 23rd, from 8:00AM until 5:00PM and May 24th, from 8:00AM until 5:00PM. Affected buildings are listed below:

• Bldg 301- University Football Stadium
• Bldg 302- The Pit
• Bldg 303- South Golf Course
• Bldg 307- Collen J Maloof Admin Bldg
• Bldg 308- Tow Diehm Athletics Facility
• Bldg 309- Baseball
• Bldg 312- Rudy Davalos
• Bldg 331- Crystal Growth Facility
• Bldg 334- Technology Commercialization Center
• Bldg 336- Softball Field Storage
• Bldg 337- Advanced Materials Lab
• Bldg 338- CHTM
• Bldg 339- Office and Light Lab Facility
• Bldg 341- Manufacturing Technology and Training Center
• Bldg 343- Softball Home Team Facility
• Bldg 344- UNM Press Basehart
• Bldg 345- AIMS
• Bldg 346- SSSC
• Bldg 352- Center for Alcoholism Substance Abuse and Addiction
• Bldg 398- Lobo Village
• Bldg 806- Mesa Del Sol

• Services affected (communicate to needed parties)

• Wireless (Service and Management)
• Security Cameras per building
• Security Camera NVR – Service and Management
• Environmental and Energy Service Panels per building
• Access control panels per building

? Panels maintain their own database for access, so prox access to the building will still work. Updates from controllers will be lost and will re-establish when the building is brought back online.

• Alarm Panels per building
• Inter-building communication – Servers, department services, Lab hosted equipment
• Voice/VoIP per building
• General Network/Internet connectivity

The UNMH and UNM Data Networking teams will be doing maintenance on the VoIP network that supports VoIP phones throughout the Health System and Health Sciences Center.  The work must be done to ensure the reliability and availability of IT services and to mitigate the risk of a lengthy unplanned service outage. We have worked with key stakeholders to identify the best date for completing the work that will have the least impact on users. 

We know there is no ideal time to perform this work, and we thank you in advance for your understanding of the need to maintain our systems and services. 

Maintenance Window:

- May 9th, 2026, 8AM to 5PM

During this time, Health System and Health Sciences Center users will experience an intermittent outage of phone service on VoIP phones only.  UNM Campus Police and 911 will be accessible during the scheduled maintenance and, if required, can be reached via your mobile device.

For assistance with UNM IT services, please contact UNM IT Customer Support Services at 277-5757. Hours of operation are Monday – Friday, 7:30 a.m. to 5 p.m.