A **ransomware attack** targeted the **CodeRED emergency notification platform**, administered by **Crisis24**, compromising personal data of users nationwide and disrupting critical public alert systems. The breach exposed sensitive information—including **names, addresses, email addresses, phone numbers, and passwords**—with evidence suggesting the data was published online by an organized cybercriminal group. While no financial data was collected by the platform, the attack forced a **complete shutdown of the CodeRED system**, halting emergency notifications for **floods, gas leaks, missing persons, and other life-threatening events** across multiple cities. The incident required Crisis24 to **rebuild the system from scratch** and migrate customers to a new platform, causing prolonged outages. Authorities warned users who reused their CodeRED passwords on other accounts to change them immediately to prevent further exploitation. Though internal city systems remained unaffected, the **loss of public trust and operational disruption** posed significant risks, as the platform is vital for time-sensitive safety communications. The attack underscored vulnerabilities in critical infrastructure, leaving communities temporarily blind to emergencies while recovery efforts continued.
Crisis24 cybersecurity rating report: https://www.rankiteo.com/company/crisis24
"id": "CRI3110531112725",
"linkid": "crisis24",
"type": "Ransomware",
"date": "11/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'customers_affected': 'Multiple cities and '
'jurisdictions (e.g., Sumner, '
'Puget Sound region)',
'industry': 'emergency notification services',
'location': 'United States (nationwide impact)',
'name': 'Crisis24 (OnSolve CodeRED)',
'type': 'private company'},
{'customers_affected': 'Residents subscribed to CodeRED '
'alerts',
'industry': 'public safety',
'location': 'United States (e.g., Puget Sound region)',
'name': 'City of Sumner (and other jurisdictions using '
'CodeRED)',
'type': 'local government'}],
'customer_advisories': ['Password change recommendations',
'Assurance that financial data was not compromised',
'Confirmation that internal city systems were '
'unaffected'],
'data_breach': {'data_exfiltration': True,
'personally_identifiable_information': True,
'sensitivity_of_data': 'Moderate to High (PII + password '
'reuse risk)',
'type_of_data_compromised': ['personal identifiable '
'information (PII)',
'authentication credentials']},
'description': 'A ransomware attack compromised the CodeRED emergency '
'notification platform administered by Crisis24, exposing '
'personal data (including names, addresses, emails, phone '
'numbers, and passwords) and disrupting emergency alerts '
'nationwide. The attack forced Crisis24 to shut down and '
'rebuild the system while migrating customers to a new '
'platform. No financial data was compromised, but password '
'reuse risks were highlighted.',
'impact': {'brand_reputation_impact': 'High (loss of trust in emergency '
'notification reliability)',
'data_compromised': ['names',
'addresses',
'email addresses',
'phone numbers',
'passwords'],
'downtime': 'Ongoing (system shutdown and rebuild in progress)',
'identity_theft_risk': 'Moderate (due to password reuse warnings)',
'operational_impact': 'Nationwide disruption of emergency alerts '
'(floods, gas leaks, missing persons, etc.) '
'via phone, text, email, and mobile app',
'payment_information_risk': 'None (financial data not collected by '
'platform)',
'systems_affected': ['CodeRED legacy platform (OnSolve)',
'emergency notification system']},
'initial_access_broker': {'data_sold_on_dark_web': 'Potential (data published '
'online post-attack)',
'high_value_targets': ['emergency notification '
'system',
'user credentials']},
'investigation_status': 'Ongoing (system rebuild and migration in progress)',
'motivation': ['financial gain', 'disruption'],
'post_incident_analysis': {'corrective_actions': ['system rebuild',
'platform migration',
'user notification']},
'ransomware': {'data_encryption': True, 'data_exfiltration': True},
'recommendations': ['Avoid password reuse across platforms',
'Monitor dark web for exposed credentials',
'Implement multi-factor authentication (MFA) for critical '
'systems',
'Regularly audit third-party vendor security (e.g., '
'emergency notification providers)'],
'references': [{'source': 'KOMO News'},
{'source': 'Crisis24 Public Statement'}],
'response': {'communication_strategy': ['public statement confirming breach',
'advisories to change reused '
'passwords',
'dedicated support contact '
'(866-939-0911, '
'[email protected])'],
'containment_measures': ['shutdown of CodeRED platform',
'system rebuild'],
'incident_response_plan_activated': True,
'recovery_measures': ['transferring customers to new system',
'restoring alert capabilities'],
'remediation_measures': ['migration to new platform',
'password reset advisories for users']},
'stakeholder_advisories': ['Urged residents to change passwords if reused '
'elsewhere',
'Provided direct support contact for data '
'inquiries'],
'threat_actor': 'organized cybercriminal group',
'title': 'Ransomware Attack on CodeRED Emergency Notification System by '
'Crisis24',
'type': ['ransomware', 'data breach', 'service disruption']}