Emergency alerts go dark after cyberattack on OnSolve CodeRED

Cyberattack on OnSolve CodeRED disrupted emergency alert services for U.S. state, local, police, and fire agencies.

A cyberattack on the OnSolve CodeRED alert platform disrupted emergency notification services used by U.S. state and local governments, police, and fire agencies.

OnSolve CodeRED is a cloud-based emergency alert system used by U.S. state and local governments to quickly deliver critical notifications. It enables police, fire departments, and public safety agencies to send geo-targeted warnings via calls, texts, emails, and mobile alerts, helping communities stay informed and respond rapidly during emergencies.

The City of University Park, Texas, reported a cybersecurity incident affecting its third-party alert system, CodeRED. A cybercriminal group disrupted the service and may have accessed user data, including contact details and account passwords.

“As a precaution, we want to make residents aware of a recent cybersecurity incident involving the City’s third-party emergency alert system, CodeRED. We were notified that a cybercriminal group targeted the system, which caused disruption and may have compromised some user data. This incident did not affect any City systems or services and remains isolated to the CodeRED software.” reads the emergency notification published by the City.

“The data includes basic contact information for CodeRED users – such as names, addresses, email addresses, phone numbers, and passwords used to create CodeRED accounts. If you used the same password for CodeRED that you use for any other account, we strongly recommend changing those passwords right away. Because CodeRED does not collect financial information from users, there is no impact to any financial data.”

The City pointed out that its systems were not impacted. Users should change reused passwords. Investigators have not found any stolen data online so far. The City is replacing CodeRED and moving to a new, more secure alert platform.

“CodeRED has informed us that while there are indications that data was taken from the system, at this time, there is no evidence that this information has been posted online. However, we want to let residents know that it could be leaked in the future.” continues the notification. “While the City’s CodeRED account has been decommissioned, staff is working with the vendor to migrate to a new emergency alert platform. Please know that protecting your personal information is our highest priority, and we are committed to safeguarding your data by working with vendors who provide secure, reliable systems.”

The City reported that its provider launched a new CodeRED system, built in a separate, uncompromised environment. The provider completed a full security audit and engaged external experts for penetration testing and hardening. The incident occurred in November and affected the previous CodeRED platform, which has been decommissioned. The provider is migrating all customers to the new platform. Users are advised to change any passwords reused elsewhere.

The provider did not disclose technical details about the security breach or the number of individuals affected. However, the INC Ransom group claimed responsibility for the attack.

“During negotiations, Onsolve valued its customers’ data and its reputation at $100,000. This prompted the publication of the hack. On November 1, 2025, we gained access to their infrastructure, and on November 10, 2025, we encrypted their files. Of course, they did not report this to the appropriate authorities. The two .csv files are examples of the data contained in the databases listed in db.txt, which we are putting up for sale, as the company does not value its customers or its reputation.” reads the announcement published by the ransomware group on its Tor leak site.

The INC Ransom group has been active since 2023. It has claimed responsibility for breaches of tens of organizations to date, including Xerox Corp, US hospice pharmacy OnePoint Patient Care, and Scotland’s National Health Service (NHS).

Pierluigi Paganini

(SecurityAffairs – hacking, OnSolve CodeRED)