A nationwide emergency alert system, CodeRed, used in Benton and Franklin counties, is currently offline following a cyber attack that may have compromised personal data. The system, which alerts residents to emergencies like wildfires, has prompted local authorities to implement contingency plans. Sean Davis, director of Franklin County Emergency Management, explained, "Instead of seeing a CodeRed message or it coming in with our standard 888 number that it comes across [as], it will be one from Washington state or Walla Walla emergency management... The back end is where the big changes are happening." Officials assure residents that no immediate action is required and updates will be provided as CodeRed is restored.

Crisis24, the owner of the CodeRED emergency alert platform, suffered a cyber attack leading to a data breach where names, addresses, email addresses, phone numbers, and passwords of users (including 88,000 landline and 130,000 cell phone subscribers) were potentially leaked. The attack also disabled the entire CodeRED system nationwide, preventing critical emergency alerts (e.g., wildfires, active shooters) from being sent to residents. Law enforcement agencies, including Douglas County Sheriff’s Office, terminated contracts due to the lack of notification about the outage and breach, forcing them to rely on social media and door-to-door alerts as temporary measures. The breach exposed users to credential stuffing attacks, with experts warning of potential financial fraud if passwords were reused. Crisis24 confirmed the attack was contained to the legacy CodeRED environment but admitted the incident disrupted public safety communications across multiple states, raising concerns over the reliability of emergency notification systems.

The OnSolve CodeRED emergency alert system, operated by Crisis24, was disrupted by a cyberattack attributed to the INC Ransomware group. The attack compromised the platform, exposing personal data of users, including names, addresses, email addresses, phone numbers, and passwords, raising concerns about credential reuse across other accounts. The INC Ransom group claimed to have exfiltrated ~1.15 TB of data before encrypting systems, with initial access gained on November 1 and encryption deployed on November 10.Local governments reliant on CodeRED for emergency alerts were forced to seek alternatives, with some (e.g., Douglas County Sheriff’s Office, Colorado) terminating contracts due to privacy concerns, while others (e.g., Craven County, North Carolina) transitioned to temporary solutions like media announcements and social media alerts. Crisis24 is migrating users to a new, audited CodeRED platform, expected to be operational by November 28, but the outage has already disrupted critical emergency communication services across multiple U.S. jurisdictions. The attack also involved failed ransom negotiations, with Crisis24 allegedly offering $150,000, which the group rejected.

The Douglas County Sheriff’s Office halted the use of CodeRED, an emergency alert system, after discovering a cyberattack and data breach that compromised customer information. The breach was detected on November 21, though system outages were reported two weeks prior without confirmation. While the stolen data has not been publicly leaked, authorities warn that personal information of CodeRED users may have been exposed, prompting recommendations to monitor credit reports. The breach affected hundreds of agencies nationwide, forcing multiple counties (including Weld and Park) to abandon the platform. Douglas County is now relying on door-to-door notifications, social media, and alternative alert systems (like IPAWS) while transitioning to a new provider. The incident has disrupted critical emergency communications, as CodeRED was previously used for evacuation orders, shelter-in-place alerts, and wildfire warnings. Users must re-register for any new system, as their data will not transfer automatically. The breach has eroded trust in the platform’s security, leaving communities vulnerable during emergencies.

Local Emergency system breached, Bradenton says. Do you need to change your passwords? CodeRED, an emergency alert system used by the city of Bradenton , experienced a cyberattack during which personal information of users was breached. According to a news release provided by the City of Bradenton, the breached information was associated with personal accounts, and included things such as names, addresses, contact information and account passwords. Some residents should change their passwords for other platforms to avoid hacking attempts, officials say. Do you need to change your passwords? Residents who subscribed to CodeRED before March 31 of this year should change any passwords that are similar or identical to the one used for their CodeRED account, City of Bradenton spokesperson Tiffany Shadik told the Bradenton Herald. Subscribers who enrolled in CodeRED after March 31 of this year were not in the breached database and do not need to take any action, according to Shadik. CodeRED platform used by Bradenton faces cyberattack OnSolve, the entity that runs CodeRED, has taken the platform offline nationwide, the City of Bradenton wrote in the release. Clients of the alert system have been transitioned into the CodeRED by Crisis24 system, which is active and able to send alerts in the case of an emergency. Officials say they will also continue using other notification methods in the event of an emergency, including social media, website updates and email alerts.