A major cybersecurity incident has rattled emergency communication networks across the United States after the OnSolve CodeRED platform—a system relied upon by police departments, fire agencies, and local governments—was hit by a significant cyberattack. The breach, confirmed by risk management firm Crisis24, disrupted essential emergency notifications, weather alerts, and critical safety warnings, leaving many communities without timely communication during unfolding incidents.
According to Crisis24, the attack targeted only the legacy CodeRED environment, prompting the company to take it offline entirely. This immediate shutdown caused large-scale interruptions for agencies that depend on CodeRED to send rapid alerts to residents during crises. While other Crisis24 systems remain unaffected, the company disclosed that sensitive data was stolen from the compromised environment.
The stolen information includes names, addresses, email addresses, phone numbers, and passwords linked to CodeRED user profiles. Although Crisis24 maintains that there is no evidence the data has been publicly leaked, several municipalities—such as the City of University Park, Texas—have already issued warnings to their residents, advising caution.
To restore service, Crisis24 has begun rebuilding CodeRED from backups dated March 31, 2025, which means many user accounts and recent system updates could be missing. This rollback complicates recovery efforts for state and local agencies that rely on the platform for mission-critical communications. Nationwide, counties and cities are working to reestablish operational alert systems to ensure residents receive emergency notifications without delays.
Meanwhile, the situation escalated further when the INC Ransomware gang claimed responsibility for the breach. Known as a fast-growing ransomware-as-a-service (RaaS) operation, INC Ransom has attacked high-profile targets since its emergence in 2023. These include healthcare providers, educational institutions, government entities, and multinational corporations such as Yamaha Motor Philippines and Ahold Delhaize.
On its Tor-based leak site, the gang published screenshots allegedly showing CodeRED customer data, including clear-text passwords, a major red flag indicating weak or outdated credential-storage practices within the legacy system. The group claims it infiltrated OnSolve’s systems on November 1, 2025, encrypted files on November 10, and began selling stolen data after not receiving a ransom payment.
For users, the exposure of clear-text passwords presents a serious security risk. Cybersecurity experts urge anyone who reused their CodeRED password on other platforms to change those credentials immediately to avoid account takeovers or secondary attacks.
This incident underscores a harsh reality: even critical public safety infrastructure is increasingly vulnerable to sophisticated cybercriminal groups. With ransomware actors evolving rapidly and exploiting vulnerabilities in legacy systems, public agencies face heightened pressure to modernize cybersecurity defenses and protect sensitive community data.
Conclusion:
The OnSolve CodeRED cyberattack is a stark reminder of how deeply interconnected digital systems have become—and how quickly a single breach can disrupt nationwide emergency communication. As Crisis24 works to rebuild its platform and agencies scramble to restore their alert capabilities, this event highlights the urgent need for stronger cybersecurity practices, modernized infrastructure, and proactive risk mitigation strategies to safeguard the systems communities rely on every day.





