OnSolve (Crisis24)

OnSolve’s legacy **CodeRED** alerting platform—a cloud-based emergency notification system used by over **10,000 communities**—was breached by the **INC Ransom** cybercriminal group. The attack, confirmed on **November 1 (breach) and November 10 (file encryption)**, exposed **names, addresses, emails, phone numbers, and passwords** of users tied to the platform. While no ransom was paid, the compromised data was **published online**, forcing multiple jurisdictions (e.g., **South Carolina, Michigan, Colorado**) to **decommission the platform**, disrupting critical public safety alerts (e.g., weather emergencies, missing-person notices). Authorities warned users to **change passwords**—especially if reused elsewhere—to mitigate risks of further account takeovers. The incident underscores **third-party supply-chain vulnerabilities** in government-supported services, as ransomware groups increasingly target vendors handling sensitive public infrastructure. OnSolve is migrating affected customers to a **new CodeRED platform** while investigations continue.

Source: https://www.govtech.com/security/emergency-notification-system-hit-by-cyber-attack

Emergency Communications Network cybersecurity rating report: https://www.rankiteo.com/company/emergency-communications-network-llc

"id": "EME1592315112625",
"linkid": "emergency-communications-network-llc",
"type": "Ransomware",
"date": "11/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': '10,000+ communities',
                        'industry': 'Public Safety and Emergency Notification '
                                    'Services',
                        'location': 'United States',
                        'name': 'OnSolve (subsidiary of Crisis24)',
                        'type': 'Private Company'},
                       {'industry': 'Law Enforcement',
                        'location': 'Colorado, USA',
                        'name': 'Douglas County Sheriff (Colorado)',
                        'type': 'Government Agency'},
                       {'industry': 'Municipal Services',
                        'location': 'Florida, USA',
                        'name': 'City of Weston (Florida)',
                        'type': 'Government Agency'},
                       {'industry': 'Public Safety',
                        'location': 'USA (Multiple States)',
                        'name': 'Jurisdictions in South Carolina, Michigan, '
                                'and other states',
                        'type': 'Government Agencies'}],
 'customer_advisories': 'Immediate password reset recommended; monitoring for '
                        'identity theft advised.',
 'data_breach': {'data_encryption': True,
                 'data_exfiltration': True,
                 'personally_identifiable_information': ['Names',
                                                         'Addresses',
                                                         'Emails',
                                                         'Phone numbers'],
                 'sensitivity_of_data': 'High (includes passwords and PII)',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)',
                                              'Authentication Credentials']},
 'date_publicly_disclosed': '2023-11-15',
 'description': 'Public safety agencies across the U.S. took OnSolve’s legacy '
                'CodeRED alerting platform offline after a data breach tied to '
                'a ransomware attack by the INC Ransom gang. The breach '
                'exposed user data, including names, addresses, emails, phone '
                'numbers, and passwords. The platform was decommissioned, and '
                'customers were advised to change passwords, especially if '
                'reused elsewhere. Law enforcement was notified, and an '
                'investigation is ongoing. The company is migrating users to a '
                'new platform, CodeRED by Crisis24.',
 'impact': {'brand_reputation_impact': 'High (public safety agencies and '
                                       '10,000+ communities affected; loss of '
                                       'trust in alerting system)',
            'data_compromised': ['Names',
                                 'Addresses',
                                 'Emails',
                                 'Phone numbers',
                                 'Passwords'],
            'downtime': 'Platform taken offline in multiple jurisdictions '
                        '(e.g., South Carolina, Michigan, Colorado)',
            'identity_theft_risk': 'High (due to exposed PII and password '
                                   'reuse warnings)',
            'operational_impact': 'Disruption of public safety alerts (weather '
                                  'emergencies, boil-water notices, '
                                  'missing-person alerts, etc.)',
            'systems_affected': ['Legacy CodeRED alerting platform']},
 'initial_access_broker': {'data_sold_on_dark_web': True,
                           'high_value_targets': ['Legacy CodeRED platform '
                                                  'data']},
 'investigation_status': 'Ongoing (law enforcement involved)',
 'lessons_learned': 'Third-party and supply-chain vulnerabilities pose '
                    'significant risks to public-sector agencies, particularly '
                    'for vendors supporting critical government services like '
                    'emergency alerting systems. Rapid migration to secure '
                    'platforms and proactive communication are essential for '
                    'mitigating reputational and operational damage.',
 'motivation': 'Financial (ransomware)',
 'post_incident_analysis': {'corrective_actions': ['Decommissioning of legacy '
                                                   'platform',
                                                   'Migration to new CodeRED '
                                                   'by Crisis24 platform',
                                                   'Enhanced password policies '
                                                   'and user advisories'],
                            'root_causes': ['Targeted attack by organized '
                                            'cybercriminal group (INC Ransom)',
                                            'Vulnerabilities in legacy CodeRED '
                                            'platform',
                                            'Potential supply-chain or '
                                            'third-party risks']},
 'ransomware': {'data_encryption': True,
                'data_exfiltration': True,
                'ransomware_strain': 'INC Ransom'},
 'recommendations': ['Enhance third-party vendor security assessments for '
                     'public-sector suppliers.',
                     'Implement multi-factor authentication (MFA) for all user '
                     'accounts to mitigate credential reuse risks.',
                     'Conduct regular forensic analyses to detect and contain '
                     'breaches early.',
                     'Develop robust incident response plans for cloud-based '
                     'critical infrastructure.'],
 'references': [{'date_accessed': '2023-11-14',
                 'source': 'Bleeping Computer',
                 'url': 'https://www.bleepingcomputer.com'},
                {'date_accessed': '2023-11-15',
                 'source': 'Crisis24 (OnSolve Parent Company) Email '
                           'Disclosure'},
                {'date_accessed': '2023-11-15',
                 'source': 'Douglas County Sheriff (Colorado) Social Media '
                           'Announcement'},
                {'date_accessed': '2023-11-15',
                 'source': 'City of Weston (Florida) Web Announcement'}],
 'response': {'communication_strategy': ['Emails to customers',
                                         'Social media and web announcements '
                                         'by affected jurisdictions (e.g., '
                                         'Douglas County Sheriff, City of '
                                         'Weston)',
                                         'Public disclosure via Bleeping '
                                         'Computer'],
              'containment_measures': ['Decommissioned legacy CodeRED platform',
                                       'Accelerated rollout of new CodeRED by '
                                       'Crisis24 platform'],
              'incident_response_plan_activated': True,
              'law_enforcement_notified': True,
              'recovery_measures': ['Transferring all customers to new CodeRED '
                                    'by Crisis24 platform'],
              'remediation_measures': ['Password reset advisory for users',
                                       'Migration to new platform']},
 'stakeholder_advisories': 'Customers advised to change passwords, especially '
                           'if reused for other accounts; migration to new '
                           'platform underway.',
 'threat_actor': 'INC Ransom gang',
 'title': 'OnSolve CodeRED Legacy Platform Data Breach and Ransomware Attack',
 'type': ['Data Breach', 'Ransomware Attack']}