Wednesday, November 26th, 2025

Announcement from CodeRED by Crisis24

 

Dear Valued Customer,

Further to our previous communications, we'd like to provide you with an update regarding the cybersecurity incident which damaged the OnSolve CodeRED environment in a targeted attack by an organized cybercriminal group. Our forensic analysis continues to indicate that this is an incident strictly contained within the OnSolve CodeRED environment with no contagion beyond.

We have learned that data associated with the legacy OnSolve CodeRED platform was removed from our systems. While there is currently no indication that this data has been published online, we are proactively informing you that it may be leaked.

It appears that the impacted dataset may contain contact information of OnSolve CodeRED users: name, address, email address, phone numbers, and/or associated passwords used to create user profiles for alerts. If the same password is used by users for any other personal or business accounts, those passwords should be changed immediately.

We have decommissioned the OnSolve CodeRED platform and we have expedited our plan to make our new CodeRED by Crisis24 platform available to all customers, using backup data. However, due to damage to our OnSolve CodeRED platform, backup data is current as of March 31, 2025.

We have also completed a comprehensive security audit of CodeRED by Crisis24 and its infrastructure as well as engaged external experts for additional penetration testing and hardening.

Unfortunately, we have all witnessed the rising cyberattacks affecting many businesses and organizations. We sincerely regret that this event has occurred, and we remain committed to supporting you, our customers, and to restoring your previous alerting and public notification capabilities. We ask for your patience while our team diligently works to ensure prompt activation and data upload to your CodeRED by Crisis24 account.


We understand that your users may have questions. We have included some FAQs below to assist you.

We appreciate your continued understanding and partnership. Please contact us directly at crsupport@crisis24.com with any concerns or questions. We are here for you.

Regards,
Grégoire Pinton
Managing Director, Integrated Risk Management

 

FAQs

  1. Is user data affected? 
    Our provider informed us that data potentially associated with the OnSolve CodeRED platform may be published. Our provider’s investigation suggests that the affected personal information is limited to contact information: name, address, email address, phone numbers and/or associated passwords used to create user profiles for alerts. If users have the same password for any other personal or business accounts, those passwords should be changed immediately.
  2. What happened?
    Our provider notified us that the OnSolve CodeRED environment was the victim of a targeted cyber-attack by an organized cybercriminal group. The attack damaged the OnSolve CodeRED environment. Our provider’s investigation indicates that this is an incident strictly contained within the OnSolve CodeRED environment with no contagion beyond. This does not impact any of our systems outside of emergency alerts.
  3. Did this impact other systems for the municipality?
    No. Our provider’s forensic analysis indicates that this is an incident strictly contained within the OnSolve CodeRED environment with no contagion beyond. This does not impact any of our systems outside of emergency alerts.
  4. What is the new CodeRed system?
    Our provider launched a new CodeRed System, which had been in the works. Our provider assures us that the new CodeRED platform resides on a non-compromised, separate environment and that they completed a comprehensive security audit and engaged external experts for additional penetration testing and hardening.
  5. Does this incident impact the new CodeRed system?
    No. Our provider informs that it resides in a non-compromised, separate environment. It also informed that they completed a comprehensive security audit and as engaged external experts for additional penetration testing and hardening.
  6. When did this event occur?
    Our provider notified us of the cybersecurity incident in November.
  7. What is the Provider doing to respond to this issue?
    The provider informed us that it promptly took steps to secure its systems, launched an investigation, and engaged external cybersecurity experts to assist. The provider decommissioned the OnSolve CodeRED platform and is the process of moving all customers to its new CodeRED platform.
  8. What information of users was involved?
    The provider is still investigating this matter, however, the provider informs that the affected personal information appears to be limited to contact information: name, address, email address, phone numbers and/or associated passwords used to create user profiles for alerts. If users have the same password for any other personal or business accounts, those passwords should be changed immediately.
  9. Does this mean that users are victims of identity theft?
    We have no evidence that any user information has been used to carry out identity theft and/or fraud.
  10. Why did this happen?
    Unfortunately, there have been rising cybersecurity risks and penetrations across many organizations as of late.