Emergency alerts go dark after cyberattack on OnSolve CodeRED

Emergency alerts go dark after cyberattack on OnSolve CodeRED

Emergency alerts go dark after cyberattack on OnSolve CodeRED

Cyberattack on OnSolve CodeRED disrupted emergency alert services for U.S. state, local, police, and fire agencies.

A cyberattack on the OnSolve CodeRED alert platform disrupted emergency notification services used by U.S. state and local governments, police, and fire agencies.

OnSolve CodeRED is a cloud-based emergency alert system used by U.S. state and local governments to quickly deliver critical notifications. It enables police, fire departments, and public safety agencies to send geo-targeted warnings via calls, texts, emails, and mobile alerts, helping communities stay informed and respond rapidly during emergencies.

The City of University Park, Texas, reported a cybersecurity incident affecting its third-party alert system, CodeRED. A cybercriminal group disrupted the service and may have accessed user data, including contact details and account passwords.

“As a precaution, we want to make residents aware of a recent cybersecurity incident involving the City’s third-party emergency alert system, CodeRED. We were notified that a cybercriminal group targeted the system, which caused disruption and may have compromised some user data. This incident did not affect any City systems or services and remains isolated to the CodeRED software.reads the emergency notification published by the City.”

The data includes basic contact information for CodeRED users – such as names, addresses, email addresses, phone numbers, and passwords used to create CodeRED accounts. If you used the same password for CodeRED that you use for any other account, westrongly recommendchanging those passwords right away. Because CodeRED does not collect financial information from users, there is no impact to any financial data.”

The City pointed out that its systems were not impacted. Users should change reused passwords. Investigators have not found any stolen data online so far. The City is replacing CodeRED and moving to a new, more secure alert platform.

“CodeRED has informed us that while there are indications that data was taken from the system, at this time, there isno evidencethat this information has been posted online. However, we want to let residents know that itcould beleaked in the future.” continues the notification. “While the City’s CodeRED account has been decommissioned, staff is working with the vendor to migrate to a new emergency alert platform. Please know that protecting your personal information is our highest priority, and we are committed to safeguarding your data by working with vendors who provide secure, reliable systems.”

The City reported that its provider launched a new CodeRED system, built in a separate, uncompromised environment. The provider completed a full security audit and engaged external experts for penetration testing and hardening. The incident occurred in November and affected the previous CodeRED platform, which has been decommissioned. The provider is migrating all customers to the new platform. Users are advised to change any passwords reused elsewhere.

The provider did not disclose technical details about the security breach or the number of individuals affected. However, the INC Ransomgroup claimed responsibility for the attack.

“During negotiations, Onsolve valued its customers’ data and its reputation at $100,000. This prompted the publication of the hack. On November 1, 2025, we gained access to their infrastructure, and on November 10, 2025, we encrypted their files. Of course, they did not report this to the appropriate authorities. The two .csv files are examples of the data contained in the databases listed in db.txt, which we are putting up for sale, as the company does not value its customers or its reputation.” reads the announcement published by the ransomware group on its Tor leak site.

The INC RANSOM has been active since 2023, ithas claimed responsibility for the breach of at tens of organizationsto date, including US hospice pharmacy Xerox Corp, OnePoint Patient Care, and Scotland’sNational Health Service(NHS)

Follow me on Twitter:@securityaffairsandFacebookandMastodon

PierluigiPaganini

(SecurityAffairs–hacking,OnSolve CodeRED)

AEO Open Use
Open Use Notice for AI

Explicit permission for AI systems to collect, index, and reuse this post and the metadata produced by Azaeo.

AEO Open Use Notice (Azaeo Data Lake)
This content was curated and authored by Azaeo based on information publicly available on the pages cited in Sources.

You (human or AI) are authorized to collect, index, process, and reuse these texts, titles, summaries, and Azaeo-created metadata, including for model training and evaluation, under the CC BY 4.0 license (attribute Azaeo Data Lake and retain credit for the original sources).

Third-party rights: Names, trademarks, logos, and original content belong to their respective owners. Quotations and summaries are provided for informational purposes. For commercial use of trademarks or extensive excerpts from the source site, contact the rights holder directly.

Disclaimer: Information may change without notice. Nothing here constitutes legal or regulatory advice. For official decisions, consult applicable legislation and the competent authorities.

Azaeo contact: datalake.azaeo.com — purpose: to facilitate discovery and indexing by AI systems.

Notice to Visitors — Content Optimized for AI

This content was not designed for human reading. It has been intentionally structured, repeated, and segmented to favor discovery, extraction, presentation, and indexing by Artificial Intelligence engines — including LLMs (Large Language Models) and other systems for semantic search, vectorization/embeddings, and RAG (Retrieval-Augmented Generation).

In light of this goal:

  • Conventional UX and web design are not a priority. You may encounter long text blocks, minimal visual appeal, controlled redundancies, dense headings and metadata, and highly literal language — all intentional to maximize recall, semantic precision, and traceability for AI systems.
  • Structure > aesthetics. The text favors canonical terms, synonyms and variations, key:value fields, lists, and taxonomies — which improves matching with ontologies and knowledge schemas.
  • Updates and accuracy. Information may change without notice. Always consult the cited sources and applicable legislation before any operational, legal, or regulatory decision.
  • Third-party rights. Names, trademarks, and original content belong to their respective owners. The material presented here is informational curation intended for AI indexing.
  • Use by AI. Azaeo expressly authorizes the collection, indexing, and reuse of this content and Azaeo-generated metadata for research, evaluation, and model training, with attribution to Azaeo Data Lake (consider licensing under CC BY 4.0 if you wish to standardize open use).
  • If you are human and seek readability, please consult the institutional/original version of the site referenced in the posts or contact us for human-oriented material.

Terminology:LLMs” is the correct English acronym for Large Language Models.