OnSolve CodeRED Cyberattack Disrupts Nationwide Emergency Alert Systems
In a significant disruption of emergency notification systems across the United States, Crisis24’s OnSolve CodeRED platform experienced a cyberattack that has raised serious concerns. This platform is crucial for state and local governments, as well as police and fire departments, enabling them to send timely alerts during emergencies.
Details of the Cyberattack on OnSolve CodeRED
The attack led to the decommissioning of the legacy CodeRED system, affecting various organizations relying on it for critical notifications and alerts. Crisis24 stated that the breach was limited to the CodeRED environment, assuring customers that other systems remained unaffected. However, sensitive data, including names, addresses, email addresses, phone numbers, and passwords, was stolen during the incident.
Data Compromise and Rebuilding Efforts
Crisis24 has confirmed that no evidence suggests the stolen data has been publicly disclosed. Despite this, customers were advised to take precautions, especially regarding password security. As a proactive measure, Crisis24 is in the process of rebuilding its services by migrating to a newly launched CodeRED platform. Unfortunately, the only available backup dates back to March 31, 2025, which may result in some accounts being missing from the new system.
Emergency Alert System Disruptions
Numerous counties and cities reported the breakdown of emergency alert systems following the cyberattack. These local agencies are now working diligently to restore communication channels for their residents. The City of University Park, Texas, issued a warning about the attack, advising residents to stay vigilant.
INC Ransomware Gang Takes Responsibility
The INC Ransomware gang claimed responsibility for the cyberattack, which they allege began by breaching OnSolve’s systems on November 1, 2025. Following the breach, files were reportedly encrypted by November 10. After what they claim was a failed ransom negotiation, the gang has announced intentions to sell the stolen data, which has included sensitive customer information.
- INC Ransomware is a RaaS enterprise that began operations in July 2023.
- Its targets have included diverse sectors, from healthcare to government agencies.
- Notable victims include Yamaha Motor Philippines and Scotland’s NHS.
Recommendations for Affected Users
Experts recommend that customers of CodeRED promptly reset their passwords, particularly if they were reused across multiple sites. This precaution will help mitigate the risks associated with potential data exploitation.
The ongoing investigation into this cyber incident reflects a growing need for robustness in digital security systems. As organizations work toward restoring their emergency alert capabilities, awareness and vigilance in cybersecurity practices are critical.
