BREAKING: University urges students to change password after HawkID hack

The hack affected not only students, but faculty and staff as well

At 12:43pm today, UI Chief Information Security Officer, Jane Drews, sent out a mass email to the University of Iowa student body regarding reports that numerous HawkID accounts have been hacked via devices attached to university computers. The email reads:

We recently notified approximately 250 university faculty, staff, and students that their HawkID and password had been obtained by unauthorized individuals using physical devices that had been secretly attached to university computers in classrooms and computer labs. Given the scope of credentials that were stolen, we want to inform the broader community of this situation as well. The individuals who installed and operated these devices used a few of the captured accounts to access classroom computers, email, and ICON.

University IT staffs are manually examining computers to look for suspicious devices, and are also developing plans to expand the use of two-factor authentication to additional key applications.

Unless we have already notified you, we currently don’t have evidence that your HawkID and password were involved in this incident. However, we still strongly encourage you to change your password as a precautionary step.

Change your HawkID Password: http://hawkid.uiowa.edu

We realize phishing scams frequently encourage users to click on links to change their passwords and want to assure you that this is a legitimate message from the UI Information Security and Policy Office. You can verify this message by visiting the Information Technology Services website (its.uiowa.edu), where we have a news story posted on the home page.

Please contact the Information Technology Services Help Desk at (319) 384-4357 or [email protected] or your department IT support if you need assistance with these tasks.

If you believe your HawkID account was used inappropriately, please contact the Information Security & Policy Office at (319) 335-6332 or [email protected].

Sincerely,
Jane Drews
UI Chief Information Security Officer

The email explained that the hack affected not only University of Iowa students, but faculty and staff as well. It also stated that University IT Staffs are in the process of physically checking all university computers in search of the devices used to conduct the hacking.

It is currently unknown who is responsible for the hack.

The university urges that students take steps to change their HawkID passwords as a precaution.

Students can contact the ITS Help Desk at (319) 384-4357 or [email protected] for assistance or additional information.

If you believe you may be a victim of the hack, contact the Information Security & Policy Office at (319) 335-6332 or [email protected] immediately.

More information to follow.

More
University of Iowa Hide Images