Nationwide CodeRED emergency alert system Compromised by ransomware gang
Learn More
A cyberattack claimed by the INC Ransom cybercriminal group has hit the OnSolve CodeRED emergency notification platform, impacting over 10,000 counties, cities, and towns across the United States and potentially exposing personal information of millions of residents.
The incident was first detected on November 10, 2025, when the Great Falls Police Department in Cascade County, Montana discovered they could not access the platform during preparations for a scheduled emergency alert test. This forced the vendor Crisis24 to permanently decommission its entire legacy CodeRED infrastructure.
OnSolve publicly acknowledged detecting "potential security vulnerabilities" on November 11, 2025, and suspended system access for a security review. The permanent decommissioning of the CodeRED platform came after OnSolve concluded that the damage within the environment was so extensive that remediation was deemed infeasible or too risky. The company did not proactively notify many of its municipal customers about the security incident.
During the outage, affected jurisdictions had no ability to use the platform for emergency notifications including tornado warnings, severe weather alerts, hazardous material spills, evacuation orders, AMBER alerts, and road closures, forcing them to rely on backup systems including FEMA's Integrated Public Alert and Warning System (IPAWS), social media, local news outlets, and alternative notification platforms.
FEMA disconnected alerting authorities that originate messages through CodeRED as a precautionary measure, further reducing emergency notification capabilities.
The company has accelerated migration of all customers to a new "CodeRED by Crisis24" platform, but no firm timeline has been provided for when the new system will be fully operational.
According to warning letters distributed by affected municipalities, including Jackson County, Illinois and O'Fallon, Missouri, the attackers were able to remove data from the OnSolve CodeRED platform. The compromised data includes:
- Full names
- Home addresses
- Email addresses
- Phone numbers
- Passwords used to create CodeRED alert profiles
The exact number of affected individuals has not been disclosed. With CodeRED serving over 10,000 jurisdictions nationwide, the potential exposure likely affects millions of residents. Security researchers and affected jurisdictions are urging CodeRED users to immediately change their passwords, particularly if they reused the same password across multiple accounts.
