{“lastseen”:”2025-11-27T16:22:15″,”description”:”A nationwide cyberattack against the OnSolve CodeRED emergency notifications system has prompted cities and counties across the US to warn residents and advise them to change their passwords. \\n\\nCodeRED is used by local governments to deliver fast, targeted alerts during severe weather, evacuations, missing persons, and other urgent events. Both the data breach and the service outage have serious implications for communities.\\n\\nThe OnSolve CodeRED system is a cloud-based platform used by city, county, and state agencies to send emergency alerts via voice calls, SMS, email, mobile app notifications, and national alerting systems. Because of the incident, some regions temporarily lost access to the system and had to rely on social media or other methods to reach the public.\\n\\nTo avoid confusion: CodeRED is not the same as the Emergency Alert System (EAS), which is the federal government-managed emergency notifications system. The CodeRED emergency notification system is a voluntary program where residents can sign up to receive notifications and emergency alerts affecting the city they live in.\\n\\n## What’s happened?\\n\\nAmong the many affected municipalities, the City of Cambridge\u2019s Emergency Communications, Police, and Fire Departments issued an alert urging users to change their passwords, especially if they reused the same password elsewhere. Similar advisories have been published by towns and counties in multiple states as the scale of the attack became clear.\\n\\nThe City of University Park, Texas, also warned residents:\\n\\n\\u003e \u201cAs a precaution, we want to make residents aware of a recent cybersecurity incident involving the City\u2019s third-party emergency alert system, CodeRED. We were notified that a cybercriminal group targeted the system, which caused disruption and may have compromised some user data. This incident did not affect any City systems or services and remains isolated to the CodeRED software.\u201d\\n\\nThe cause is reportedly a ransomware attack claimed by the INC Ransom group. The group posted screenshots that appear to show stolen customer data, including email addresses and associated clear-text passwords. \\n\\nThe INC Ransom group also published part of the alleged ransom negotiation, suggesting that Crisis24 (the provider behind CodeRED) initially offered $100,000, later increasing the offer to $150,000, which INC rejected.\\n\\n\\n\\nThe incident forced Crisis24 to shut down its legacy environment and rebuild the system in a new, isolated infrastructure. Some regions, such as Douglas County, Colorado, have terminated their CodeRED contracts following the outage.\\n\\n## **Why this matters**\\n\\nCyberattacks happen, and data breaches are not always preventable. But storing your subscriber database\u2014including passwords in clear text\u2014seems rather careless. Providers should assume people reuse passwords, especially for accounts they don’t view as very sensitive.\\n\\nNot that ransomware groups care, of course, but systems like CodeRED genuinely saves lives. When that system goes down or cannot be trusted, communities may miss evacuation orders, severe weather warnings, or active-shooter alerts when minutes matter.\\n\\nUsers are now being told to change their passwords, sometimes across multiple websites. But has everyone been notified? And even if they have, will they actually take action?\\n\\n## Protecting yourself after a data breach\\n\\nIf you think you have been the victim of a data breach, here are steps you can take to protect yourself:\\n\\n * **Check the vendor\u2019s advice.** Every breach is different, so check with the vendor to find out what\u2019s happened and follow any specific advice it offers.\\n * **Change your password.** You can make a stolen password useless to thieves by changing it. Choose a strong password that you don\u2019t use for anything else. Better yet, let a password manager choose one for you.\\n * **Enable two-factor authentication (2FA****).** If you can, use a FIDO2-compliant hardware key, laptop, or phone as your second factor. Some forms of 2FA can be phished just as easily as a password, but 2FA that relies on a FIDO2 device can\u2019t be phished.\\n * **Watch out for impersonators.** The thieves may contact you posing as the breached platform. Check the official website to see if it\u2019s contacting victims and verify the identity of anyone who contacts you using a different communication channel.\\n * **Take your time.** Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.\\n * **Consider not storing your card details**. It\u2019s definitely more convenient to let sites remember your card details, but we highly recommend not storing that information on websites.\\n * **Set up identity monitoring**, which alerts you if your personal information is found being traded illegally online and helps you recover after.\\n\\n\\n\\n* * *\\n\\n**We don ‘t just report on threats\u2014we help safeguard your entire digital identity**\\n\\nCybersecurity risks should never spread beyond a headline. Protect your, and your family’s, personal information by using identity protection.”,”published”:”2025-11-27T14:40:32″,”modified”:”2025-11-27T14:40:32″,”type”:”malwarebytes”,”title”:”Millions at risk after nationwide CodeRED alert system outage and data breach”,”source”:””,”references”:””,”id”:”MALWAREBYTES:72F64E9BA39CB717371D17B6A482F611″,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.malwarebytes.com\/blog\/news\/2025\/11\/millions-at-risk-after-nationwide-codered-alert-system-outage-and-data-breach”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-11-27T16:22:15″,”description”:”A nationwide cyberattack against the OnSolve CodeRED emergency notifications system has prompted cities and counties across the US to warn residents and advise them to…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,115,13,33,7,11,5],"class_list":["post-27852","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-malwarebytes","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n