The University of Regina is investigating the possibility that one or more students hacked into its computers in order to adjust grades, confirming a tip received by CBC's iTeam.
Officials are "investigating irregularities in the grades of four classes in the Faculty of Engineering," Kim McKechney, associate VP of external relations, wrote in an email.
'We are taking this matter very seriously.' — Kim McKechney, associate VP of external relations
He said the adjustment of grades appears to have happened sometime this summer. He said it was discovered in late August and the university took immediate action.
As part of its normal protocol when dealing with potential computer breaches, the university asked professors in the faculty to change their passwords.
"I don't want to prejudice the investigation in terms of what occurred," McKechney told CBC News. "But the end user and passwords are typically viewed as the most vulnerable… element in which people can gain unauthorized access so that's of course the first step you take."
The investigation is proceeding on the possibility this breach was done by a student or students, in keeping, McKechney said, with the university's code of conduct governing student behaviour.
"Faculty or staff of the university are not the subject of this investigation, though a few are obviously being contacted as part of the investigatory process," McKechney wrote.
Some of the affected students have already been notified of the apparent breach, McKechney said. But some who may have been affected have not yet been informed of the investigation.
He said he's unable to offer any other details as the investigation is underway.
"We are taking this matter very seriously, so it is critical that we be as thorough and fair as possible," he said.
McKechney said once that investigation is complete, the university will decide if the facts warrant turning things over to the police.
Not the first time
This isn't the first time the university has investigated hacking.
In July 2016 it launched an investigation after being targeted by hackers, which raised concerns about the possibility of compromised personal information.
The university identified three computers on campus which had been accessed without authorization as a result of two separate cyber attacks.
McKechney said Thursday that forensic analysis conducted by an outside firm concluded "there was no evidence that any personal or sensitive information was ultimately extracted or disclosed."
However, he did acknowledge that the review identified some "security vulnerabilities that the university has taken some actions on and continues to take action on," including tighter procedures, stronger security software, mandatory security training for some staff, and the hiring of a new IT security worker.