**Cook County Overhauls Code Red System After Data Breach Exposes User Information**
The Cook County Sheriff’s Office recently announced temporary disruptions to its Code Red emergency alert system following a data breach that compromised user data. Code Red, part of the Integrated Public Alert and Warning System (IPAWS), enables government agencies to send critical public safety notifications.
According to Rowan Watkins, Director of County Management Information Systems, the breach exposed names, contact details, and passwords of individuals registered for the service. The stolen data could be exploited for phishing attacks, with bad actors impersonating local government officials to deceive recipients. Watkins warned that reused passwords—particularly those linked to banking or other sensitive accounts—pose an additional risk, as attackers may attempt to access multiple platforms.
The security flaw has since been addressed, and Code Red has launched an updated system. Existing users will have their accounts manually migrated by the sheriff’s department, requiring no action on their part. However, Watkins noted a surge in sophisticated phishing attempts targeting the county, urging residents to verify suspicious communications.
In response to the incident, Cook County is also transitioning its digital infrastructure to enhance security. Over the next six months, the county will phase out its long-standing cook.co.mn.us domain in favor of a .gov URL, a move designed to reduce confusion and make it harder for scammers to mimic official communications. While current URLs will remain active, they will redirect to the new addresses.
The changes reflect broader efforts to strengthen cybersecurity amid rising threats, with Watkins emphasizing the need for improved public awareness of fraudulent tactics.
Source: https://wtip.org/cyber-security-concerns-spur-code-red-changes-and-county-url-shift/
Cook County Sheriff’s Office TPRM report: https://www.rankiteo.com/company/clerk-of-the-circuit-court-of-cook-county
Cook County TPRM report: https://www.rankiteo.com/company/cook-county
"id": "clecoo1766706918",
"linkid": "clerk-of-the-circuit-court-of-cook-county, cook-county",
"type": "Breach",
"date": "12/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Users signed up for the Code '
'Red service',
'industry': 'Public Safety / Government',
'location': 'Cook County, Minnesota, USA',
'name': 'Cook County Sheriff’s Office',
'type': 'Government Agency'}],
'customer_advisories': 'Users do not need to take action but should be '
'cautious of phishing attempts and update passwords if '
'reused.',
'data_breach': {'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (personally identifiable '
'information and passwords)',
'type_of_data_compromised': ['Names',
'Contact Information',
'Passwords']},
'description': 'The Cook County Sheriff’s Office announced a temporary '
'disruption to the Code Red system, part of IPAWS, due to a '
'data breach. The breach exposed names, contact information, '
'and passwords of users signed up for the service. The county '
'has since fixed the security issue and launched an updated '
'program. Additionally, the county is transitioning from the '
"URL ending 'cook.co.mn.us' to '.gov' to improve cybersecurity "
'and reduce phishing risks.',
'impact': {'brand_reputation_impact': 'Increased risk of phishing attacks '
'impersonating local government',
'data_compromised': 'Names, contact information, and passwords',
'downtime': 'Temporary disruption',
'identity_theft_risk': 'High (due to exposure of personally '
'identifiable information and passwords)',
'operational_impact': 'Manual migration of user accounts to a new '
'system',
'systems_affected': 'Code Red (IPAWS Integrated Public Alert '
'Warning System)'},
'investigation_status': 'Resolved (security issue fixed)',
'lessons_learned': 'Increased vigilance against phishing attacks is '
'necessary, and simpler, standardized URLs (.gov) improve '
'public recognition of legitimate communications.',
'motivation': 'Phishing and Credential Theft',
'post_incident_analysis': {'corrective_actions': ['Fixed security issue',
'Launched updated Code Red '
'program',
'Transitioned to .gov URL'],
'root_causes': 'Data breach exposing user '
'information and passwords'},
'recommendations': 'Users should update passwords, especially if reused '
'across multiple accounts, and remain cautious of '
'suspicious emails. Government agencies should adopt '
'standardized .gov URLs to reduce phishing risks.',
'references': [{'source': 'WTIP Interview with Rowan Watkins'}],
'response': {'communication_strategy': 'Public notice and advisory to '
'increase vigilance against phishing',
'containment_measures': 'Security issue fixed, updated Code Red '
'program launched',
'recovery_measures': 'Transition to .gov URL to improve '
'cybersecurity and reduce phishing risks',
'remediation_measures': 'Manual migration of user accounts to '
'the new system'},
'stakeholder_advisories': 'Increased vigilance against phishing attacks and '
'awareness of URL changes.',
'title': 'Code Red Data Breach and Cyber Security Updates in Cook County',
'type': 'Data Breach'}