2024 Cybersecurity Incident Response and Investigation

At the start of the spring 2024 semester, K-State began to experience a disruption to certain network systems. Upon detection, university IT took immediate steps to investigate the disruption, isolating the areas of concern. We are able to confirm that these disruptions were the result of a cybersecurity incident.

K-State has partnered with IT forensics experts on a comprehensive investigation process, and the investigation is still ongoing. As information becomes available regarding the investigation, it will be posted below. Information for employees regarding IT systems updates and operational guidance is available by logging in with your eID/password.

Thursday, Jan. 25, 7:30 a.m.

Thank you letter from President Linton

Dear K-State Community,

I write to you today with one very simple yet important goal: I want you to know how incredibly thankful and proud I am for the resilience, patience, service-minded spirit and thoughtful leadership displayed by our students, faculty and staff over these past couple of weeks as we have navigated the current IT disruptions together.

I've said it before, and I'll say it again: K-Staters do not shy away from challenges. We face them head on, and we come out stronger on the other side. Time and time again, we find solutions, and we don't miss a single beat along the way.

I want you to be proud of these simple truths today:

  • We continue to teach and foster learning.
  • We continue to conduct groundbreaking research.
  • And we continue to serve our state, our nation and our world.

No matter what challenges come our way, we continue to deliver on our mission. Period.

Read the full letter

Tuesday, Jan. 23 7:22 p.m.

IT Services has restored listserv, VPN and KSU Wireless, KSU Housing and eduroam authenticated wireless connections.

K-State students, faculty and staff who connect to the network via wireless services should switch to authenticated wireless services, which are KSU Wireless or KSU Housing. Users that have been connected to these networks previously will need to forget the existing network connection and reauthenticate with the new credentials. Below are helpful articles to assist in the process:

VPN is also now available for current students, faculty and staff. Duo authentication will be required to login.

If you need assistance, the IT Service Desk is available to support you this week from 7:30 a.m.-10 p.m. on Jan. 24 and 25.

Listservs are now available. With this function restored, it is anticipated K-State Today emails will return in their original format on Wednesday, Jan. 24.

Tuesday, Jan. 23, 6:07 a.m.

Mandatory password reset

Visit the password reset page for detailed instructions on how to reset your eID password.

The IT Service Desk is available to support you Monday-Thursday 7:30 a.m.-8 p.m., Friday 7:30 a.m.-6 p.m.; Sunday 1-8 p.m.

Monday, Jan. 22, 7:30 a.m.

A mandatory password reset will take place early on the morning of Tuesday, Jan. 23. All students, faculty and staff will be required to change their passwords in order to regain access to centralized IT services, including systems like Webmail, Canvas, HRIS and more. This step is being taken out of an abundance of caution to protect our systems and your information. Read the complete details in K-State Today.

Interim Provost Mercer has shared additional academic continuity guidance. Read the letter in K-State Today.

Sunday, Jan. 21, 5:16 p.m.

Work continues on the IT disruption. Among many efforts, the IT team has been working on bringing university listservs back online to help bolster our communication efforts. As part of this work, you may begin to receive listserv messages that were dispatched earlier in the week and failed, as failed messages will begin to cycle through an "attempt to re-send" process. Additionally, standard listserv probe messages may resume.

Additional updates will be provided as information becomes available.

Friday, Jan. 19, 7:51 p.m.

Work on the IT disruption continues this weekend. Please stay vigilant against possible phishing attempts. Additional updates as information becomes available.

Thursday, Jan. 18, 9:51 a.m.

KSU Wireless is currently unavailable. Please use KSU Guest to connect wirelessly during this time.

Wednesday, Jan. 17, 5:38 p.m.

Stay Informed: K-State Today emails set to resume Jan. 18

K-State Today emails will return in a temporary format on Thursday, Jan. 18. This format will be used until all K-State Today functions are fully restored and operational.

K-State Today’s email format will look different, with a different header image and a curated selection of articles included in the email version. Complete versions of K-State Today are published online at:

There may be a delivery delay of up to 48 hours with the Thursday, Jan. 18, edition. Thank you for your patience.

Keeping the university community informed is a top priority. This new version of K-State Today provides us a way to ensure you receive the latest news in your inbox, but please also continue to visit this website, where the most up-to-date information on the IT services disruption will always be posted.

Tuesday, Jan. 16, 6:15 p.m.

University statement regarding recent IT services disruption

As was announced this morning, K-State has been experiencing a disruption to certain network systems, including VPN, K-State Today emails, and videos on Canvas, or Mediasite. Upon detection, university IT took immediate steps to investigate the disruption, isolating the areas of concern. We are able to confirm that these disruptions are the result of a recent cybersecurity incident, and as such, we want you to know that these impacted systems were taken offline and will remain offline for the immediate future as the investigation continues. This will also include select shared drives and printers, as well as university listservs.

Our top priority is to address this issue promptly and efficiently, as we understand the importance of maintaining business and academic continuity during this time. We will keep you informed as the investigation continues to ensure your engagement with the university is uninterrupted.

Please rest assured that we are dedicating significant resources to bring involved systems back online quickly and safely. Additionally, we have engaged third-party IT forensic experts to assist us in the ongoing investigation efforts.

During this time, it is critical that we all remain diligent and follow cybersecurity best practices and trainings. If you notice anything suspicious as you engage with university technology, students should reach out to the IT help desk. Faculty and staff should reach out to their departmental IT points of contact.

University leaders are arranging meetings with departmental contacts around business processes and operations that may be impacted to ensure continuity. If you have any questions, please refer those to your Dean or Vice President.

Additionally, Interim Provost Mercer has issued guidance to academic deans to share with their department heads and faculty regarding academic continuity, including sharing alternative video resources given the disruption to Mediasite.

We will continue to post ongoing communications here at k-state.edu/update. Since the investigation is still ongoing, we will not be able to share information that could compromise that investigation. We appreciate your understanding, grace and resilience as we move through this process together.

Thanks to all who are working hard to isolate this incident, restore systems, and ensure business and academic continuity. K-Staters are known to face challenges and not hide from them, creating solutions and driving toward our future. And we will continue to do just that.

Tuesday, Jan. 16, 2024 9:25 a.m.

The university is experiencing disruption to some network systems, including VPN, K-State Today emails and video on Canvas, or Mediasite. We are investigating the extent of the issues and will provide updates to the university community as they are available.

To read today's K-State Today visit:


View frequently asked questions regarding the Jan. 2024 cybersecurity incident.