A targeted cyber attack compromised the **CodeRED emergency notification system** in Harrisburg, SD, operated by **OnSolve (Crisis24)**. The incident was contained within the CodeRED environment, but hackers gained access to a server, potentially exposing **user data**—including **names, addresses, email addresses, and phone numbers**—though no highly sensitive information (e.g., financial or medical records) was breached. The primary motive appeared to be **ransom extraction**, though no payment demands were explicitly confirmed. The affected server was promptly isolated, and services were migrated to a new server, with full restoration expected by late November 23 or early November 24. While the attack disrupted emergency alert capabilities (raising concerns ahead of a snowstorm), no broader systemic damage or lateral movement into other city systems occurred. The breach underscored vulnerabilities in third-party notification platforms, though the exposed data was limited to basic contact details used for public alerts.
Source: https://www.dakotanewsnow.com/2025/11/27/cyber-attack-harrisburg-text-alert-provider-under-control/
Emergency Communications Network cybersecurity rating report: https://www.rankiteo.com/company/emergency-communications-network-llc
"id": "EME5462554112725",
"linkid": "emergency-communications-network-llc",
"type": "Ransomware",
"date": "11/2025",
"severity": "75",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'customers_affected': 'Residents subscribed to CodeRED '
'emergency notifications (exact '
'number unspecified)',
'industry': 'Public Administration',
'location': 'Harrisburg, South Dakota, USA',
'name': 'City of Harrisburg, South Dakota',
'type': 'Municipal Government'},
{'industry': 'Risk Management and Emergency '
'Notification Services',
'name': 'Crisis24 (OnSolve)',
'type': 'Private Company'}],
'customer_advisories': ['Public statement by Mayor Derick Wenck reassuring '
'residents of limited risk.',
'Letter from Crisis24 with FAQs and contact email for '
'questions.'],
'data_breach': {'data_exfiltration': 'Unconfirmed (data accessed but no '
'confirmation of exfiltration)',
'personally_identifiable_information': ['Names',
'Addresses',
'Email addresses',
'Phone numbers'],
'sensitivity_of_data': 'Low to moderate (names, addresses, '
'emails, phone numbers; no financial '
'or highly sensitive data)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_resolved': 'Expected by late November 2024 (Wednesday night or early '
'Thanksgiving Day)',
'description': 'A targeted cyber attack compromised the OnSolve CodeRED '
'emergency notification system in Harrisburg, South Dakota. '
'The attack was contained within the CodeRED environment and '
'primarily aimed at extracting ransom money. Limited user data '
'(names, addresses, email addresses, and phone numbers) may '
'have been exposed, but the server was promptly closed. The '
'system is expected to be restored by late Wednesday or early '
'Thanksgiving Day. The city coordinated with Crisis24 and '
'prepared alternative communication methods (e.g., news '
'stations) for snow emergencies during the outage.',
'impact': {'brand_reputation_impact': 'Potential concern due to breach of '
'emergency system, but limited data '
'exposure mitigated severe reputational '
'damage.',
'data_compromised': ['Names',
'Addresses',
'Email addresses',
'Phone numbers'],
'downtime': 'From detection until late November 2024 (Wednesday '
'night or early Thanksgiving Day)',
'identity_theft_risk': 'Low (limited to names, addresses, emails, '
'and phone numbers)',
'operational_impact': 'Temporary loss of emergency notification '
'capabilities; city prepared alternative '
'communication channels (e.g., news '
'stations) for snow emergencies.',
'systems_affected': ['OnSolve CodeRED emergency notification '
'system (single server)']},
'initial_access_broker': {'high_value_targets': ['CodeRED emergency '
'notification server']},
'investigation_status': 'Ongoing (restoration in progress; no final report '
'mentioned)',
'lessons_learned': 'Increasing reliance on online services heightens exposure '
'to cyber risks, even for critical systems like emergency '
'notifications. Proactive coordination with service '
'providers and backup communication plans are essential '
'for resilience.',
'motivation': 'Financial (ransom money)',
'post_incident_analysis': {'corrective_actions': ['Migration to a secure '
'Crisis24 server',
'Server closure to prevent '
'further access']},
'ransomware': {'ransom_paid': 'No'},
'recommendations': ['Enhance server security for emergency notification '
'systems.',
'Implement multi-layered authentication and access '
'controls.',
'Develop redundant communication channels for critical '
'alerts.',
'Conduct regular cybersecurity audits for third-party '
'vendors.'],
'references': [{'date_accessed': '2025 (article copyright date)',
'source': 'Dakota News Now',
'url': 'https://www.dakotanewsnow.com/2024/11/2x/ '
'(hypothetical; actual URL not provided in text)'},
{'source': 'City of Harrisburg Website (Letter from '
'Crisis24)'}],
'response': {'communication_strategy': ['Public disclosure via Dakota News '
'Now',
'Letter from Crisis24 published on '
'the city website with FAQs and '
'contact email',
'Alternative communication channels '
'(news stations) for snow '
'emergencies'],
'containment_measures': ['Prompt closure of the affected server'],
'incident_response_plan_activated': 'Yes (coordination between '
'Harrisburg and Crisis24)',
'recovery_measures': ['Restoration of alerting and public '
'notification capabilities by late '
'November 2024'],
'remediation_measures': ['Migration to another Crisis24 server'],
'third_party_assistance': 'Crisis24 (provider of CodeRED '
'system)'},
'stakeholder_advisories': 'City coordinated with Crisis24 and prepared '
'alternative communication methods for residents.',
'title': "Cyber Attack on Harrisburg's CodeRED Emergency Notification System "
'by Crisis24',
'type': ['Cyber Attack', 'Ransomware Attempt', 'Data Breach']}