Crisis24, OnSolve’s parent company, confirmed Wednesday via email that data tied to the legacy CodeRED platform was published online by a cybercriminal group. An email to Government Technology said that a “targeted attack by an organized cybercriminal group … resulted in damage to the OnSolve CodeRED environment,” and a forensic analysis showed the incident was contained in that environment. Law enforcement was notified, and there is an ongoing investigation.
Multiple jurisdictions — including in South Carolina, Michigan and Colorado — have taken the platform offline and notified residents about the service disruption. The Douglas County Sheriff in Colorado as well as the city of Weston, Fla., posted social media and web announcements saying that names, addresses, emails, phone numbers and passwords connected to the CodeRED accounts may be compromised.
“Users who have reused their OnSolve CodeRED password for any other personal or business accounts are advised to change those passwords immediately,” the email said. “We have notified all affected OnSolve CodeRED customers and have decommissioned the platform. In parallel, we have accelerated the rollout of our new CodeRED by Crisis24 platform and are transferring all customers to this platform.”
The platform is a cloud-based notification system that can be branded, and it allows public safety and emergency management to send geotargeted alerts via voice, SMS, email, mobile application or IPAWS. Alerts can include weather emergencies, boil-water notices, missing-person alerts and other public safety messages. More than 10,000 communities use the platform, according to the company.
Data-security news website BleepingComputer reported Tuesday that the INC Ransom gang took responsibility for the attack on a Tor data leak site. According to the report, the group said it breached the system on Nov. 1 and encrypted files Nov. 10 in a ransomware attack, but no ransom was paid. BleepingComputer also reported that INC took credit for the September cyber attack on Pennsylvania’s Office of Attorney General. The company has not confirmed the dates of the CodeRED attack.
The incidents echo a broader concern among state technology leaders that third-party and supply-chain vulnerabilities remain among the most significant risks facing public-sector agencies, particularly as ransomware groups continue to target vendors that support government services.