Officials said some user contact information stored in the system may have been removed and could be leaked, including the user's name, address, email, phone number and CodeRed profile password.
There is no indication the data has been posted online, nor is there evidence that information has been used for fraud or identify theft, but officials encourage users who reused their CodeRed passwords elsewhere to change them immediately.
No action is necessary if residents signed up for CodeRed alerts without creating a password-protected profile, officials said.
CodeRed has decommissioned the platform affected by the cyber attack and is transitioning users to a new CodeRed by Crisis24 system, which has undergone security testing and was not impacted by the attack.
According to officials, the attack did not impact any of Carlisle's other systems outside of emergency alerts.
The system provider is continuing to investigate the incident.
Officials answered a series a frequently asked questions on the borough's website and will provide updates as needed, including when the alert service has been restored and whether users will need to re-register.
©2025 The Sentinel, Distributed by Tribune Content Agency, LLC.
