Cook County Overhauls Code Red System After Data Breach Exposes User Information The Cook County Sheriff’s Office recently announced temporary disruptions to its Code Red emergency alert system following a data breach that compromised user data. Code Red, part of the Integrated Public Alert and Warning System (IPAWS), enables government agencies to send critical public safety notifications. According to Rowan Watkins, Director of County Management Information Systems, the breach exposed names, contact details, and passwords of individuals registered for the service. The stolen data could be exploited for phishing attacks, with bad actors impersonating local government officials to deceive recipients. Watkins warned that reused passwords—particularly those linked to banking or other sensitive accounts—pose an additional risk, as attackers may attempt to access multiple platforms. The security flaw has since been addressed, and Code Red has launched an updated system. Existing users will have their accounts manually migrated by the sheriff’s department, requiring no action on their part. However, Watkins noted a surge in sophisticated phishing attempts targeting the county, urging residents to verify suspicious communications. In response to the incident, Cook County is also transitioning its digital infrastructure to enhance security. Over the next six months, the county will phase out its long-standing cook.co.mn.us domain in favor of a .gov URL, a move designed to reduce confusion and make it harder for scammers to mimic official communications. While current URLs will remain active, they will redirect to the new addresses. The changes reflect broader efforts to strengthen cybersecurity amid rising threats, with Watkins emphasizing the need for improved public awareness of fraudulent tactics.

Cook County, Minnesota, experienced a sophisticated phishing-based cyber attack where hackers compromised a county employee’s email via a malicious link sent from a trusted partner organization’s legitimate account. The breach triggered a domino effect, risking further phishing propagation across interconnected municipal systems. While the attack was contained using the county’s incident response plan, it disrupted operations and necessitated coordination with state agencies to mitigate risks. The attack exploited AI-driven low-barrier cybercrime tools and dark web resources, reflecting the escalating threat landscape targeting local governments. Though no ransomware was explicitly confirmed in this incident, the method mirrored tactics used in broader criminal or state-sponsored campaigns, emphasizing vulnerabilities in public-sector cybersecurity. The breach underscored the potential for cascading impacts across linked agencies, including emergency services, had it escalated.

Cook County failed to protect the public's personal information. The private information of anyone issued a traffic citation in the state of Illinois has been readily available to anyone who asks for it. Personal information such as birthdays, addresses, license plate numbers and more. They were able to pull up sensitive information of public officials including Chicago Mayor Rahm Emanuel and Cook County Sheriff Tom Dart. CBS also found information for everyone including celebrity athletes, federal judges, police officers and domestic violence victims.

Cooke County in Texas was apparently hit by a gang using REvil ransomware. Cooke County had a population of 38,437 at the last US census in 2010 and the seat of the county is in Gainesville. Malicious attackers had posted screenshots of what they claim are documents and data from the county's police department on the dark web.