Crisis24 shuts down emergency notification system in wake of ransomware attack

OnSolve CodeRED, a voluntary, opt-in emergency notification system used by law enforcement agencies and municipalities across the country, has been permanently shut down in the wake of a ransomware attack.

Crisis24, the company behind the service, said it decommissioned the platform after the cyberattack damaged the OnSolve CodeRED environment earlier this month. “Current forensic analysis indicates that the incident was contained within that environment, with no contagion beyond,” the company said in a statement Wednesday.

Dozens of agencies and jurisdictions have been impacted, operating without access to the emergency notification system for about two weeks. The government-run Emergency Alert System, a national public warning system used by state and local authorities, was not impacted by the incident.

Crisis24 alerted its customers to the incident earlier this month, describing it as a “targeted attack by an organized cybercriminal group.” Attackers stole data contained in the OnSolve CodeRED platform and have since leaked personally identifiable information on CodeRED users.

Agencies impacted by the attack have notified their users of the breach, warning them that names, addresses, email addresses, phone numbers and passwords were compromised. “Users who have reused their OnSolve CodeRED password for any other personal or business accounts are advised to change those passwords immediately,” Crisis24 said.

Some CodeRED customers, including the Douglas County Sheriff’s Office in Colorado, said they took “immediate account to terminate our contact with CodeRED for cause.”

Crisis24, which was already in the process of building a new CodeRED platform, told customers the legacy system was in a separate environment and insisted the new service was not compromised, according to agencies that published information they received from the company. 

“We have accelerated the rollout of our new CodeRED by Crisis24 platform and are transferring all customers to this platform for their alerting and notification needs,” the company said.  

Customers also said the company initiated a full security audit and third-party penetration testing to confirm damage was limited to the legacy system.

Crisis24 said it notified law enforcement and an investigation into the attack is ongoing. The company did not attribute the attack to any specific threat group, but INC ransomware claimed responsibility for the attack when it added OnSolve to its data leak site last week.

“Cyberattacks remain a persistent threat across all sectors, and we regret that this incident has occurred,” the company said. “We remain fully committed to supporting our customers and ensuring their basic alerting and public notification requirements continue to be met without interruption.”

Written by Matt Kapko

Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University.