OnSolve CodeRED cyberattack disrupts emergency alert systems nationwide


Risk management company Crisis24 has confirmed its OnSolve CodeRED platform suffered a cyberattack that disrupted emergency notification systems used by state and local governments, police departments, and fire agencies across the United States.

The CodeRED platform enables these agencies to send alerts to residents during emergencies.

The cyberattack forced Crisis24 to decommission the legacy CodeRED environment, causing widespread disruption for organizations that use the platform for emergency notifications, weather alerts, and other sensitive warnings.

In statements and an FAQ shared with impacted customers, Crisis24 says its investigation found that the attack was contained to the CodeRED environment and did not affect any of its other systems.

However, the company has confirmed that data was stolen from the platform during the attack. The stolen information includes names, addresses, email addresses, phone numbers, and passwords used for CodeRED user profiles.

Crisis24 tells customers that it has seen no indication that the stolen data has been publicly published.

“CodeRED has informed us that while there are indications that data was taken from the system, at this time, there is no evidence that this information has been posted online,” warned a statement by the City of College Park, Texas.

Because the attack damaged the platform, Crisis24 is rebuilding its service by restoring backups to a newly launched CodeRED by Crisis24 system. However, the available data is from an earlier backup dated March 31, 2025, so accounts will likely be missing from the system.

Numerous counties, cities, and public safety agencies nationwide have reported on the cyberattack and disruption, stating that they are working to restore emergency alert systems for their residents.

INC Ransom gang claims responsibility

While Crisis24 only attributed the breach to an “organized cybercriminal group,” BleepingComputer has learned that the INC Ransomware gang has taken responsibility for the attack.

The group created an entry for OnSolve on its Tor data leak site and published screenshots that appear to show customer data, including email addresses and associated clear-text passwords.

OnSolve entry on the INC Ransom data leak site
Source: BleepingComputer

The ransomware gang claims to have breached OnSolve’s systems on November 1, 2025, and encrypted files on November 10. After allegedly failing to receive a ransom payment, the threat actors say they are now selling the data stolen during the attack.

Because the passwords shared in the screenshots are in clear text, customers are advised to reset any CodeRED passwords that were reused on other sites.

INC Ransom is a ransomware-as-a-service (RaaS) operation that launched in July 2023 and has since targeted organizations worldwide.

Its list of victims spans a wide range of sectors, from education and healthcare to government and entities like Yamaha Motor Philippines, Scotland’s National Health Service (NHS), food retail giant Ahold Delhaize, and the U.S. division of Xerox Business Solutions (XBS).
