Description: Towns and cities across the US are without access to their CodeRED emergency alert system following a cyberattack on vendor Crisis24. Various municipalities have issued near-identical advisories about the attack on the OnSolve CodeRED platform, now owned by Crisis24, which enables residents to receive real-time alerts for emergencies such as weather warnings, missing children, terror threats, and more. In its warning about the situation to locals, the Sheriff's Office for Douglas County, Colorado, this week announced that it had terminated its CodeRED contract and that it was actively searching for a replacement. The wording of similar disclosures made by other regions suggests that they will be sticking with Crisis24 as it works to bring a brand-new CodeRED platform online, which was being developed before the attack. Crisis24 told customers that the new platform "resides on a non-compromised, separate environment," which has undergone "a comprehensive security audit" and "additional penetration testing and hardening." "While the city's CodeRED account has been decommissioned, staff is working with the vendor to migrate to a new emergency alert platform," said the City of University Park, Texas. "Please know that protecting your personal information is our highest priority, and we are committed to safeguarding your data by working with vendors who provide secure, reliable systems." While they wait for the new platform to come online, most of the affected areas across

Description: The **CodeRED** emergency notification system, operated by **Crisis24**, suffered a **ransomware attack** by the hacker group **INCRansom**, forcing the company to decommission its legacy infrastructure. The attack disrupted services for multiple organizations nationwide, including the **City of Worcester’s AlertWorcester system**, rendering it unavailable. The breach resulted in the theft of sensitive user data, including **names, addresses, email addresses, phone numbers, and passwords** from CodeRED profiles. While Crisis24 is rebuilding the system using backups from **March 31, 2025**, some user accounts will be missing. The stolen data is being sold by the hackers, though no evidence of it being publicly leaked has been confirmed. Ransom negotiations failed, exacerbating the incident’s impact. The outage has left municipalities and emergency services without critical alert capabilities, posing risks to public safety communication.

Description: The **OnSolve CodeRED** emergency alert system, operated by **Crisis24**, was disrupted by a **cyberattack** attributed to the **INC Ransomware group**. The attack compromised the platform, exposing **personal data of users**, including **names, addresses, email addresses, phone numbers, and passwords**, raising concerns about credential reuse across other accounts. The INC Ransom group claimed to have **exfiltrated ~1.15 TB of data** before encrypting systems, with initial access gained on **November 1** and encryption deployed on **November 10**.Local governments reliant on CodeRED for emergency alerts were forced to seek alternatives, with some (e.g., **Douglas County Sheriff’s Office, Colorado**) terminating contracts due to **privacy concerns**, while others (e.g., **Craven County, North Carolina**) transitioned to temporary solutions like **media announcements and social media alerts**. Crisis24 is migrating users to a **new, audited CodeRED platform**, expected to be operational by **November 28**, but the outage has already **disrupted critical emergency communication services** across multiple U.S. jurisdictions. The attack also involved **failed ransom negotiations**, with Crisis24 allegedly offering **$150,000**, which the group rejected.

Description: A **ransomware attack** targeted the **CodeRED emergency notification platform**, administered by **Crisis24**, compromising personal data of users nationwide and disrupting critical public alert systems. The breach exposed sensitive information—including **names, addresses, email addresses, phone numbers, and passwords**—with evidence suggesting the data was published online by an organized cybercriminal group. While no financial data was collected by the platform, the attack forced a **complete shutdown of the CodeRED system**, halting emergency notifications for **floods, gas leaks, missing persons, and other life-threatening events** across multiple cities.The incident required Crisis24 to **rebuild the system from scratch** and migrate customers to a new platform, causing prolonged outages. Authorities warned users who reused their CodeRED passwords on other accounts to change them immediately to prevent further exploitation. Though internal city systems remained unaffected, the **loss of public trust and operational disruption** posed significant risks, as the platform is vital for time-sensitive safety communications. The attack underscored vulnerabilities in critical infrastructure, leaving communities temporarily blind to emergencies while recovery efforts continued.