Emergency communication faced significant disruption after OnSolve CodeRED, a widely used voluntary emergency notification tool, was permanently taken offline following a ransomware attack. Law enforcement agencies and municipalities leaned on CodeRED for urgent alerts, and the system’s unexpected closure left officials searching for alternatives. The abrupt shutdown highlights growing concerns over cybersecurity vulnerabilities in critical public infrastructure, raising questions about the resilience of current notification systems.
Recent incidents involving CodeRED primarily affected local law enforcement and municipalities relying on its messaging capabilities. In previous cases, outages were often short-lived or caused by technical issues, rather than malicious actors. The current ransomware event stands out due to its widespread scope, duration of the outage, and the disclosure of private user information, raising broader worries about digital threats to public safety networks compared to earlier disruptions.
What Led Crisis24 to Shut Down OnSolve CodeRED?
After forensic analysis, Crisis24, the company responsible for CodeRED, reported that the ransomware attack had severely compromised the system’s environment, rendering recovery impossible. The company clarified that the threat was isolated, with no evidence it had reached other platforms. Officials confirmed access to CodeRED was lost for nearly two weeks, affecting dozens of jurisdictions while emphasizing that national systems like the Emergency Alert System remained operational and unaffected.
How Did the Security Breach Impact Users?
Personal information, including names, addresses, emails, phone numbers, and passwords, was compromised and subsequently leaked. Crisis24 advised users to update reused passwords, particularly where the same credentials were used across different services. The breach prompted some agencies, such as the Douglas County Sheriff’s Office in Colorado, to sever ties with CodeRED.
“Users who have reused their OnSolve CodeRED password for any other personal or business accounts are advised to change those passwords immediately,”
Crisis24 warned.
What Steps Is Crisis24 Taking to Secure Future Services?
With the original platform decommissioned, Crisis24 fast-tracked the deployment of a newly developed CodeRED system, ensuring separation from the environment affected by the attack. According to statements shared with customers and posted by agencies, the new notification service was not compromised.
“We have accelerated the rollout of our new CodeRED by Crisis24 platform and are transferring all customers to this platform for their alerting and notification needs,”
company representatives stated. To further address security concerns, the company commissioned a comprehensive audit and third-party penetration tests to verify that the breach was contained and did not extend to its updated platform.
The shutdown of OnSolve CodeRED demonstrates critical vulnerabilities within opt-in emergency notification systems, emphasizing the need for stringent cybersecurity protocols to protect sensitive user data. As ransomware attacks targeting infrastructure increase, both public and private organizations should reevaluate their defenses and incident response strategies to reduce risk. Practical measures for users include immediately changing compromised passwords, activating multi-factor authentication where available, and being alert for potential phishing attempts related to breaches. Timely communication from companies like Crisis24 about cyberattacks remains essential for helping affected agencies and individuals respond effectively to such incidents.
