Campus alert, April 21, 2023
AI-generated · every claim is source-linkedOn April 21, 2023, Truman State ITS discovered a ransomware attack on the university network. All Truman-issued Windows devices and services were powered down. FBI field offices in Kirksville, Kansas City, and St. Louis, plus DHS, were called in. Online classes were cancelled Monday. Network services were restored over the week, with email returning on April 28. The university did not pay a ransom.
- Alerts
- 2
- Response
- —
- Killed
- —
- Injured
- —
Alert Sequence
2 messages in sequence · 1 verified verbatim
Some messages in this sequence are documented (their existence, timing, and channel are sourced) but their exact wording is not preserved in the public record. Those entries appear as placeholders; only confirmed text is displayed.
How the first alert is built
To check this alert, Claude (an AI) read it in full 25 separate times, independently. Each read decided whether the message answers each of the six questions and gave a short reason. A final reviewer then weighed all 25 and wrote the plain-English verdict you see when you open a row. The score (for example 22/25) is how many reads agreed; the 25 individual reads are tucked underneath if you want to check them.
Security Incident – Cyber Security Virus Attack Information regarding the security incident On the morning of Friday, April 21, Truman Information Technology Services (ITS) found evidence of what appeared to be virus on the University network. In an effort to mitigate potential spread, all Truman-issued Windows-based devices and services were powered down and remained inactive, along with the campus network, while ITS responded to the incident. During this time, the University also engaged a firm of outside experts, resulting in a cybersecurity resource dispatched to be onsite throughout the week to help resolve the issue. ITS promptly alerted law enforcement at the time of the incident and it was verified as a form of malware. ITS worked with agents from FBI field offices in Kirksville, Kansas City and St. Louis, as well as the Department of Homeland Security, on solutions. On Monday, April 24, ITS conducted preliminary assessments of most primary campus workstations at risk for this particular form of malware and began installing a security patch. By Tuesday, April 25, some network services were brought back online. Additional services were restored throughout the week, culminating with the resumption of email service, Friday, April 28. What happened? A cyber security virus attack on the campus network. What information was involved? It is not believed any of Truman's enterprise systems with personally identifiable information were accessed. The University is continuing to monitor and assess what personally identifiable information, if any, may have been accessible in other parts of the network. What is being done now? A new security tool was implemented to halt the spread of the virus, and servers/systems were remediated and in some cases rebuilt. The University will continue to monitor the campus network. While there is currently no evidence personally identifiable information was taken, out of an abundance of caution, Truman is providing the opportunity to enroll in identity theft protection free of charge. Please be assured we remain committed to protecting personal information. We are working hard to limit the impact of this incident on our Truman community. Additional information will be released at https://idinfo.truman.edu What can you do? You can enroll in identity theft protection free of charge. If you choose not to enroll in this coverage, the Federal Trade Commission (FTC) recommends that you at least place a free fraud alert on your credit file. A fraud alert tells creditors to contact you before they open any new accounts or changes your existing accounts. You can find out how to do this, as well as other helpful information, by reading through the Frequently Asked Questions on this website. For additional information about identity theft, visit http://www.consumer.gov/idtheft or call toll free 877-ID-THEFT (877 438 4338); TTY: 866 653 4261.
Sourceabsent0/0
Who is sending the alert and who is responding. People act faster on a message from a clearly identifiable, credible sender, such as a named department, the police, or a branded alert system, than on an anonymous notice. A branded signature counts.
See all 25 individual reads
Open to load the 25 reads.
Hazardabsent0/0
What the threat actually is. A complete warning names the specific danger, such as a shooter, a fire, a tornado, or a gas leak, rather than a vague emergency, because people decide what to do based on what they are facing.
See all 25 individual reads
Open to load the 25 reads.
Locationabsent0/0
Where the threat is. Saying whether danger is in a specific building, a part of campus, or area-wide lets people judge their own proximity and choose a safe direction. Without a where, a warning is hard to act on precisely.
See all 25 individual reads
Open to load the 25 reads.
Guidanceabsent0/0
The protective action to take. A clear, specific instruction, such as shelter in place, evacuate, avoid the area, or run-hide-fight, drives faster and more correct protective behavior than describing the threat alone.
See all 25 individual reads
Open to load the 25 reads.
Timeabsent0/0
When the message applies. A timestamp, the word now or immediately, or a phrase like until further notice tells the reader whether the danger is current and how quickly to act.
See all 25 individual reads
Open to load the 25 reads.
Impactabsent0/0
What the hazard could do to the people in its path. Beyond naming the threat, a complete warning conveys its potential consequences or severity, such as that a tornado can level buildings or that a leak could be explosive, so recipients grasp how much danger they are in. Research on warning message content finds that a concrete impact statement helps people personalize their risk and act sooner.
See all 25 individual reads
Open to load the 25 reads.
Systematic AI judgments with visible reasoning, not human-validated codings.
About this analysisBackground
Key Findings
Sources
- Official
- News
- national media
- News
- Official
Campus Alert Archive. "Truman State University: Campus alert, April 21, 2023." Incident of April 21, 2023. Added April 2026; last updated July 2026. https://campusalertarchive.com/case/truman-state-university-cyberattack-2023-04-21/
Alert text quoted on this page remains the work of the issuing institution; the archive is a secondary source.