The breach occurred at the University's Book Store on May 18 and forced the establishment to notify its customers, although it was keen to stress it was unaware that any information was actually taken.
"Although there is no evidence that any personal customer information was taken, the University of Iowa is alerting current and past University Book Store customers that a computer containing credit card numbers and student/employee ID numbers was improperly accessed from outside the UI network last month," said a statement from the University. "Since the records in the tampered system did not contain complete addresses of the credit card holders, the university cannot notify customers individually."
Security firms Verisign and the Starken Group have been hired by UI to work on preventing any further breaches.
"The confidentiality of the bookstore customers' private financial information is one of our highest priorities," said David Grady, UI assistant vice president for student services. "Since this incident, we have been working closely with UI Information Technology Security Office and our consultants to understand how this breach occurred and to determine what steps we can take to avert a recurrence."
The breach follows a year of security breaches. In May SC Magazine reported two schoolboy's hacked into a Chicago database and revealed social security numbers of people related to the establishment.