Clickability tracking pixel

Security Breach Investigation Leads Down Trail of Grade Tampering at University of Iowa

Evidence points to unauthorized devices that captured users' IDs and passwords.

by Vanessa Miller, The Gazette, Cedar Rapids, Iowa / January 23, 2017
Cybersecurity research and education just got a big boost at Columbus State University. Nate Grigg via Flickr CC 2.0 Wikimedia Commons

(TNS) — IOWA CITY, Iowa — The University of Iowa is investigating a "handful" of possible cases of cheating -- and warning the entire campus community to change their HawkID passwords — after a faculty member discovered a student's grade had been changed without authorization.

A university official confirmed the investigation Thursday after UI Chief Information Security Officer Jane Drews on Wednesday sent out a message notifying the campus that her department had warned about 250 faculty, staff, and students that their university IDs and passwords had been obtained by "unauthorized individuals."

According to that notification, the suspects obtained the account information by secretly attaching physical devices to university computers in classrooms and computer labs.

"The investigation shows someone attached unauthorized devices to university instructional computers to capture instructor IDs and passwords," according to UI spokeswoman Anne Bassett. "A few students appear to have then used the passwords to change their grades in select courses."

The university initially notified a half-dozen faculty members whose HawkIDs and passwords potentially were used to change grades, according to Bassett.

"Right now, it appears the unauthorized devices captured the username and password for approximately 250 university faculty members, staff, and students," Bassett said, adding, "Only five percent of those accounts were subsequently used by someone other than the account owner."

No evidence suggests the devices were used to access any records other than academic records, according to Bassett.

If the university determines students cheated, it will "take appropriate disciplinary action, which may include expulsion or suspension."

The university's information technology services unit is conducting a "physical examination of all instructional computers to search for any additional unauthorized devices." And officials continue to advise all UI community members to change their HawkID passwords -- if they haven't already done so.

Bassett said police also are involved, as this is an ongoing criminal and academic investigation.

In response to the breach, the university also is reminding employees to make sure their two-factor authentication -- a two-Step login process -- is enabled and properly configured.

To change your HawkID password, visit

To enroll a two-step login with duo security, visit

Anyone wanting more information can contact the Information Technology Services Help Desk at (319) 384-4357 or

Anyone who suspects their HawkID account was used inappropriately can contact the Information Security & Policy Office at (319) 335-6332 or

©2017 The Gazette (Cedar Rapids, Iowa), distributed by Tribune Content Agency, LLC. 

Keeping Students Healthy, Safe and On Track in the New Normal

As education leaders strive to address unprecedented challenges along with ongoing trends, they are grappling with outdated, unwieldy and disjointed communications systems; inadequate collaboration platforms.

How Embracing the Cloud is Leading to Short and Long-Term Solutions in Education

When schools throughout the country transitioned to online learning in March 2020, they had to quickly address two challenges.

E.REPUBLIC Platforms & Programs