This week, a new critical alert demands the immediate attention and action of the public-sector community.
Advisory Summary
CodeRED is a mass-notification platform used by thousands of local government agencies nationwide to send targeted critical alerts (e.g., weather warnings, evacuation notifications, boil-water notices, missing-persons alerts) via phone, text, email, and mobile apps. The platform was previously provided by OnSolve but is now supported by Crisis24 following a major cyberattack late in 2025. The attack highlighted a critical vulnerability in third-party vendor infrastructure relied upon for public safety messaging. It underscores the importance of password hygiene (avoid reuse) and multifactor authentication (MFA), among other steps.
Advisory Overview
CodeRED is a mass-notification platform used by thousands of local government agencies nationwide to send targeted critical alerts (e.g., weather warnings, evacuation notifications, boil-water notices, missing-persons alerts) via phone, text, email, and mobile apps. The platform was previously provided by OnSolve but is now supported by Crisis24 following a major cyberattack late in 2025. The attack highlighted a critical vulnerability in third-party vendor infrastructure relied upon for public safety messaging.
Note: This is not the federal Emergency Alert System.
What Happened?
INC Ransome Group took credit for the attack, which affected numerous local government agencies across the county. The cyberattackers reportedly gained access to encrypted files and exfiltrated sensitive data. The consequences were significant:
The following are a few specific breach examples that were reported in the media:
Monroe County, Georgia – The county's emergency management agency said that some personal information was accessed. As a result, Crisis24 created a replacement system and discontinued the hacked platform.
Jackson County, Illinois – The attack disrupted the CodeRED platform and removed user data; local officials later restored alerts using backup data on the new Crisis24 platform.
Brown County, Texas – The CodeRED platform went out of service; residents were advised to change passwords, especially if reused elsewhere.
Bradenton, Florida – City officials warned that the attack resulted in a data breach that likely impacted contact information and passwords.
As a result of this cyberattack, Crisis24 took the legacy CodeRED environment offline or decommissioned it. Then they began migrating customers to a new platform, branded CodeRED by Crisis24, based on backups from March 31, 2025, which means some newer subscriber data was lost.
What is the Risk?
Disruptions to mass notification systems can delay or impair emergency communications, potentially increasing the risk to people and property.
What Are the Recommendations?
This incident underscores the importance of:
MCP cybersecurity subject-matter experts further recommend the following actions:
How MCP Can Help
MCP offers a comprehensive cybersecurity solutions suite designed specifically for public-safety and justice entities and other critical-infrastructure organizations to help them determine their network, data, and application vulnerabilities. We can help you develop a complete cyberattack prevention strategy.
Jason Franks is an accomplished cybersecurity and IT expert renowned for delivering exceptional technical performance through deep knowledge and dynamic team leadership. He brings three decades of extensive experience in IT and cybersecurity, the majority of which have been spent guiding mission-critical agencies, including the U.S. Department of Defense (DOD) and various public safety and law enforcement agencies.