Skip to content
Campus Alert Archive
K-State

Infrastructure failure, January 16, 2024

AI-generated · every claim is source-linked
KSinfrastructure failureadvisoryhigh confidence
Confirmed Threat

Kansas State University announced a disruption to some IT systems on the morning of January 16, 2024 (the first day of spring-semester classes) and confirmed by that afternoon it was caused by a cybersecurity event. Impacted systems were taken offline upon detection, leaving VPN, email, Canvas, Mediasite videos, printing, shared drives, and listservs unavailable along with parts of the phone and payment systems. Email for the daily K-State Today bulletin did not return until January 18, 2024.

Alerts
3
Response
Killed
Injured
Institution
Kansas State University
Public R1 · KS
All K-State cases →
~20,000 studentsK-State Alerts
Official alert policy
Read when and how K-State says it will use K-State Alerts: summarized, quoted, and analyzed.
Documented Timeline

Alert Sequence

3 messages in sequence · 3 verified verbatim

INITIAL ALERTWebsite
The university is experiencing disruption to some network systems, including VPN, K-State Today emails and video on Canvas, or Mediasite. We are investigating the extent of the issues and will provide updates to the university community as they are available.
The notice landed on the first day of spring classes, maximizing the operational impact on students and faculty trying to access Canvas.
UPDATEWebsite
As was announced this morning, K-State has been experiencing a disruption to certain network systems, including VPN, K-State Today emails, and videos on Canvas, or Mediasite. Upon detection, university IT took immediate steps to investigate the disruption, isolating the areas of concern. We are able to confirm that these disruptions are the result of a recent cybersecurity incident, and as such, we want you to know that these impacted systems were taken offline and will remain offline for the immediate future as the investigation continues. This will also include select shared drives and printers, as well as university listservs. Our top priority is to address this issue promptly and efficiently, as we understand the importance of maintaining business and academic continuity during this time. We will keep you informed as the investigation continues to ensure your engagement with the university is uninterrupted. Please rest assured that we are dedicating significant resources to bring involved systems back online quickly and safely. Additionally, we have engaged third-party IT forensic experts to assist us in the ongoing investigation efforts. During this time, it is critical that we all remain diligent and follow cybersecurity best practices and trainings. If you notice anything suspicious as you engage with university technology, students should reach out to the IT help desk. Faculty and staff should reach out to their departmental IT points of contact. University leaders are arranging meetings with departmental contacts around business processes and operations that may be impacted to ensure continuity. If you have any questions, please refer those to your Dean or Vice President. Additionally, Interim Provost Mercer has issued guidance to academic deans to share with their department heads and faculty regarding academic continuity, including sharing alternative video resources given the disruption to Mediasite. We will continue to post ongoing communications here at k-state.edu/update. Since the investigation is still ongoing, we will not be able to share information that could compromise that investigation. We appreciate your understanding, grace and resilience as we move through this process together. Thanks to all who are working hard to isolate this incident, restore systems, and ensure business and academic continuity. K-Staters are known to face challenges and not hide from them, creating solutions and driving toward our future. And we will continue to do just that.
Taking systems offline 'upon detection' is a deliberate containment step that itself causes the visible outage, the cure and the symptom look the same to users.
UPDATEWebsite
K-State Today emails will return in a temporary format on Thursday, Jan. 18. This format will be used until all K-State Today functions are fully restored and operational. K-State Today's email format will look different, with a different header image and a curated selection of articles included in the email version. Complete versions of K-State Today are published online at: Faculty/Staff: k-state.edu/today Students: k-state.edu/today/students There may be a delivery delay of up to 48 hours with the Thursday, Jan. 18, edition. Thank you for your patience. Keeping the university community informed is a top priority. This new version of K-State Today provides us a way to ensure you receive the latest news in your inbox, but please also continue to visit this website, where the most up-to-date information on the IT services disruption will always be posted.
This is a phased-restoration update rather than an all-clear; it explicitly warns of continuing email delays.
Message elements

How the first alert is built

To check this alert, Claude (an AI) read it in full 25 separate times, independently. Each read decided whether the message answers each of the six questions and gave a short reason. A final reviewer then weighed all 25 and wrote the plain-English verdict you see when you open a row. The score (for example 22/25) is how many reads agreed; the 25 individual reads are tucked underneath if you want to check them.

The university is experiencing disruption to some network systems, including VPN, K-State Today emails and video on Canvas, or Mediasite. We are investigating the extent of the issues and will provide updates to the university community as they are available.

  • Sourceabsent0/0

    Who is sending the alert and who is responding. People act faster on a message from a clearly identifiable, credible sender, such as a named department, the police, or a branded alert system, than on an anonymous notice. A branded signature counts.

    See all 25 individual reads

    Open to load the 25 reads.

  • Hazardabsent0/0

    What the threat actually is. A complete warning names the specific danger, such as a shooter, a fire, a tornado, or a gas leak, rather than a vague emergency, because people decide what to do based on what they are facing.

    See all 25 individual reads

    Open to load the 25 reads.

  • Locationabsent0/0

    Where the threat is. Saying whether danger is in a specific building, a part of campus, or area-wide lets people judge their own proximity and choose a safe direction. Without a where, a warning is hard to act on precisely.

    See all 25 individual reads

    Open to load the 25 reads.

  • Guidanceabsent0/0

    The protective action to take. A clear, specific instruction, such as shelter in place, evacuate, avoid the area, or run-hide-fight, drives faster and more correct protective behavior than describing the threat alone.

    See all 25 individual reads

    Open to load the 25 reads.

  • Timeabsent0/0

    When the message applies. A timestamp, the word now or immediately, or a phrase like until further notice tells the reader whether the danger is current and how quickly to act.

    See all 25 individual reads

    Open to load the 25 reads.

  • Impactabsent0/0

    What the hazard could do to the people in its path. Beyond naming the threat, a complete warning conveys its potential consequences or severity, such as that a tornado can level buildings or that a leak could be explosive, so recipients grasp how much danger they are in. Research on warning message content finds that a concrete impact statement helps people personalize their risk and act sooner.

    See all 25 individual reads

    Open to load the 25 reads.

Systematic AI judgments with visible reasoning, not human-validated codings.

About this analysis
Context

Background

Kansas State University, a roughly 20,000-student public R1 in Manhattan, Kansas, announced an IT disruption on the morning of January 16, 2024, and confirmed that afternoon it stemmed from a cybersecurity event. The timing was acute: January 16 was the first day of spring-semester classes, and the outage knocked out VPN, email, Canvas, Mediasite, printing, shared drives and listservs, with phone and payment systems also affected. The university's IT FAQ catalogued the disabled services and the phased restoration that followed, with K-State Today email not returning until January 18. K-State engaged outside forensic experts; GovTech reported the university was coming back online over subsequent days. The incident occurred the same week as a separate cyberattack at Clackamas Community College in Oregon. Because email and the campus alert ecosystem partly depend on the same network, the university leaned on its web portal to communicate during the outage.
Analysis

Key Findings

A cyberattack disabled email, VPN and Canvas on the very first day of spring classes, maximizing disruption
Containment (taking systems offline upon detection) itself produced the visible outage students experienced
Email's 48-hour restoration delay forced the university to communicate through its web portal during the incident
The attack was part of a January 2024 cluster of higher-ed cyber incidents that also hit Clackamas Community College
Outcome
K-State engaged third-party forensic experts and restored VPN, KSU Wireless, eduroam and listservs over the following days. No cybercrime group publicly claimed the attack, and the university did not characterize it as ransomware at the outset.
Provenance

Sources

  1. Official
  2. Official
  3. News
  4. News
  5. Official
  6. News
  7. News
Cite this case

Campus Alert Archive. "Kansas State University: Infrastructure failure, January 16, 2024." Incident of January 16, 2024. Added May 2026; last updated July 2026. https://campusalertarchive.com/case/kansas-state-university-cyberattack-2024-01-16/

Download case JSON

Alert text quoted on this page remains the work of the issuing institution; the archive is a secondary source.

Tags
cyberattackkansaspublic-r1canvasvpnit-outageadvisory
Added May 2026Updated July 2026Via ingestion