Campus Alert Archive
K-State

A Cyberattack Took Down Email, VPN and Canvas on the First Day of Spring Semester

KSinfrastructure failureadvisorymedium confidence
Confirmed Threat

Kansas State University announced a disruption to some IT systems on the morning of January 16, 2024 — the first day of spring-semester classes — and confirmed by that afternoon it was caused by a cybersecurity event. Impacted systems were taken offline upon detection, leaving VPN, email, Canvas, Mediasite videos, printing, shared drives, and listservs unavailable along with parts of the phone and payment systems. Email for the daily K-State Today bulletin did not return until January 18, 2024.

Alerts
3
Response
Killed
Injured
Institution
Kansas State University
Public R1 · KS
~20,000 studentsK-State Alerts
Confirmed Timeline

Alert Sequence

3 messages in sequence

Some alert texts below are approximate reconstructions from news coverage, not confirmed verbatim transcripts. Reconstructed texts are shown in italic with a dashed border. Verified verbatim texts have a solid border and are marked accordingly.

INITIAL ALERTWebsite
Approximate reconstruction240 chars
K-State is experiencing a disruption to several of our IT systems. We are investigating the cause and working to restore service as quickly as possible. Some systems, including email, may be unavailable. Updates will be posted to this page.

This text has been reconstructed from news coverage and may not reflect the exact original wording.

Reconstructed: the university first announced a 'disruption in some IT systems' on its media portal before confirming a cyberattack later the same afternoon.
The notice landed on the first day of spring classes, maximizing the operational impact on students and faculty trying to access Canvas.
UPDATEWebsite
Approximate reconstruction374 chars
A preliminary investigation has determined that the disruption to our network and systems was caused by a cybersecurity event. Impacted systems were taken offline upon detection. VPN, K-State email, Canvas, Mediasite videos, printing, shared drives and Listservs are currently unavailable. We are working with outside experts and will share updates as services are restored.

This text has been reconstructed from news coverage and may not reflect the exact original wording.

Reconstructed: this update reflects the afternoon confirmation that a 'cybersecurity event' caused the outage and the specific list of disabled services published in the university's IT FAQ.
Taking systems offline 'upon detection' is a deliberate containment step that itself causes the visible outage — the cure and the symptom look the same to users.
UPDATEEmail
Approximate reconstruction313 chars
Some services have been restored, including Listserv, VPN and KSU Wireless, as well as KSU Housing and eduroam authenticated wireless. K-State Today email is resuming, though you may experience a delivery delay of up to 48 hours. We continue to work with third-party forensic experts and appreciate your patience.

This text has been reconstructed from news coverage and may not reflect the exact original wording.

Reconstructed: reporting confirmed listserv, VPN, KSU Wireless, eduroam and housing authentication came back, and that K-State Today email resumed January 18 with an expected 48-hour delivery delay.
This is a phased-restoration update rather than an all-clear; it explicitly warns of continuing email delays.
Context

Background

Kansas State University, a roughly 20,000-student public R1 in Manhattan, Kansas, announced an IT disruption on the morning of January 16, 2024, and confirmed that afternoon it stemmed from a cybersecurity event. The timing was acute: January 16 was the first day of spring-semester classes, and the outage knocked out VPN, email, Canvas, Mediasite, printing, shared drives and listservs, with phone and payment systems also affected. The university's IT FAQ catalogued the disabled services and the phased restoration that followed, with K-State Today email not returning until January 18. K-State engaged outside forensic experts; GovTech reported the university was coming back online over subsequent days. The incident occurred the same week as a separate cyberattack at Clackamas Community College in Oregon. Because email and the campus alert ecosystem partly depend on the same network, the university leaned on its web portal to communicate during the outage.
Analysis

Key Findings

A cyberattack disabled email, VPN and Canvas on the very first day of spring classes, maximizing disruption
Containment — taking systems offline upon detection — itself produced the visible outage students experienced
Email's 48-hour restoration delay forced the university to communicate through its web portal during the incident
The attack was part of a January 2024 cluster of higher-ed cyber incidents that also hit Clackamas Community College
Outcome
K-State engaged third-party forensic experts and restored VPN, KSU Wireless, eduroam and listservs over the following days. No cybercrime group publicly claimed the attack, and the university did not characterize it as ransomware at the outset.
Provenance

Sources

  1. News
    Kansas State University cyberattack disrupts IT network and services - BleepingComputer
    bleepingcomputer.com
  2. News
    Possible cyberattack disrupts classes at K-State on first day of new semester - WIBW
    wibw.com
  3. Official
    Frequently Asked Questions (2024 IT incident) - Kansas State University
    k-state.edu
  4. News
    Kansas State Coming Back Online After Cyber Attack - GovTech
    govtech.com
  5. News
    Kansas State, Clackamas Community College respond to cyberattacks - The Record
    therecord.media
Tags
cyberattackkansaspublic-r1canvasvpnit-outageadvisory
Added May 2026Updated May 2026Via ingestion