A ransomware attack on the widely used OnSolve CodeRED emergency alert platform has disrupted local public-safety notifications across numerous U.S. communities and led to a significant data breach, officials confirmed this week.
Local governments in states including Massachusetts, Colorado, Texas, Florida, North Carolina, Ohio, Kansas, Georgia, California, Missouri, Utah, Montana, and New Mexico reported outages after the platform—operated by Crisis24—was hit by a targeted cyberattack. Many agencies said they were temporarily unable to send emergency alerts for incidents such as hazardous material leaks, severe weather events, fires, and missing-person reports.
Officials emphasized that the incident did not affect the federal Emergency Alert System (EAS).
Attack Linked to INC Ransom Group
The INC Ransom cybercrime group has claimed responsibility for the intrusion, listing OnSolve on its leak site on November 22. The group alleges it gained access to company systems on November 1 before deploying file-encrypting ransomware on November 10. According to the attackers, ransom negotiations collapsed after the company refused to meet their demands.
Some data reportedly stolen from the legacy CodeRED platform—including user names, email addresses, physical addresses, phone numbers, and passwords associated with older accounts—has since been posted online. INC Ransom has also advertised the compromised information for sale.
Crisis24 Confirms Breach, Accelerates Platform Transition
Crisis24 acknowledged that data tied to the legacy version of CodeRED was exposed and that the attack caused damage to that environment. The company said current forensic analysis shows the intrusion was contained to the legacy platform with no evidence of spread to other systems.
The vendor has notified law enforcement and all affected municipal and state customers, urging users who reused CodeRED passwords on other accounts to change them immediately. Crisis24 has fully decommissioned the compromised system and is expediting the migration of customers to its newer CodeRED platform.
Some agencies have indicated they may cancel existing CodeRED contracts due to the prolonged service disruption.
Growing Wave of Municipal Cyberattacks
The breach comes amid a surge in cyberattacks targeting state and local government systems across the United States. INC Ransom has recently been linked to several high-profile incidents, including an attack on the Pennsylvania Office of the Attorney General.
Crisis24 said it “regrets that this incident has occurred” and remains committed to restoring full alerting capabilities for its customers.
