MCP Insights

Cybersecurity Threat Advisory: CodeRED Cyberattack Results in Significant Data Breach

Posted on January 26, 2026 by Jason Franks

This week, a new critical alert demands the immediate attention and action of the public-sector community.

Advisory Summary

CodeRED is a mass-notification platform used by thousands of local government agencies nationwide to send targeted critical alerts (e.g., weather warnings, evacuation notifications, boil-water notices, missing-persons alerts) via phone, text, email, and mobile apps. The platform was previously provided by OnSolve but is now supported by Crisis24 following a major cyberattack late in 2025. The attack highlighted a critical vulnerability in third-party vendor infrastructure relied upon for public safety messaging. It underscores the importance of password hygiene (avoid reuse) and multifactor authentication (MFA), among other steps.

Advisory Overview

CodeRED is a mass-notification platform used by thousands of local government agencies nationwide to send targeted critical alerts (e.g., weather warnings, evacuation notifications, boil-water notices, missing-persons alerts) via phone, text, email, and mobile apps. The platform was previously provided by OnSolve but is now supported by Crisis24 following a major cyberattack late in 2025. The attack highlighted a critical vulnerability in third-party vendor infrastructure relied upon for public safety messaging.

Note: This is not the federal Emergency Alert System.

What Happened?

INC Ransome Group took credit for the attack, which affected numerous local government agencies across the county. The cyberattackers reportedly gained access to encrypted files and exfiltrated sensitive data. The consequences were significant:

  • Many local agencies lost access to the system temporarily and had to rely on backup alert systems (e.g., IPAWS, social media).
  • Jurisdictions reported that user data may have been breached – e.g., names, addresses, emails, phone numbers, and passwords – that were used to create CodeRED profiles.
  • Consequently, residents were urged to change passwords, especially if reused elsewhere.

The following are a few specific breach examples that were reported in the media:

  • Monroe County, Georgia – The county's emergency management agency said that some personal information was accessed. As a result, Crisis24 created a replacement system and discontinued the hacked platform.

  • Jackson County, Illinois – The attack disrupted the CodeRED platform and removed user data; local officials later restored alerts using backup data on the new Crisis24 platform.

  • Brown County, Texas – The CodeRED platform went out of service; residents were advised to change passwords, especially if reused elsewhere.

  • Bradenton, Florida – City officials warned that the attack resulted in a data breach that likely impacted contact information and passwords.

As a result of this cyberattack, Crisis24 took the legacy CodeRED environment offline or decommissioned it. Then they began migrating customers to a new platform, branded CodeRED by Crisis24, based on backups from March 31, 2025, which means some newer subscriber data was lost.

What is the Risk?

Disruptions to mass notification systems can delay or impair emergency communications, potentially increasing the risk to people and property.

What Are the Recommendations?

This incident underscores the importance of:

  • Password hygiene (avoid reuse).
  • Multifactor authentication (MFA).
  • Regular vendor security assessments.
  • Incident response preparedness for public safety systems.

MCP cybersecurity subject-matter experts further recommend the following actions:

  • Public alert systems must be diversified and have failover communication channels.
  • Local governments should review vendor cybersecurity policies and incident response plans.
  • Residents enrolled in alert systems should update their credentials and regularly monitor the systems to identify suspicious activity.

How MCP Can Help

MCP offers a comprehensive cybersecurity solutions suite designed specifically for public-safety and justice entities and other critical-infrastructure organizations to help them determine their network, data, and application vulnerabilities. We can help you develop a complete cyberattack prevention strategy. 

Jason Franks is an accomplished cybersecurity and IT expert renowned for delivering exceptional technical performance through deep knowledge and dynamic team leadership. He brings three decades of extensive experience in IT and cybersecurity, the majority of which have been spent guiding mission-critical agencies, including the U.S. Department of Defense (DOD) and various public safety and law enforcement agencies. 

Topics: Public Safety, Cybersecurity

    Subscribe to Newsletter

    Icon

    Let's Talk

    How can we support your mission? From design and procurement to building and management, our national team of experts is here to help…because the mission matters.

    Get In Touch

    Mission Critical Partners

    A: 690 Grays Woods Blvd., Port Matilda, PA 16870
    P: 888.862.7911

    twitter-x-footer facebook_icon linkedin_icon

    Newsletter

    Click the button below to sign up for our newsletter.

    SIGN UP
    Navigation

    ©2026 All Rights Reserved

    NENA 911   APCO International   iCERT

    Privacy Policy  |  Terms & Conditions