CodeRED Outage

(6-7 minute read)

The Town has recently been notified that its emergency alert system, CodeRED, is down due to a cyber-attack on the vendor system. This outage is nationwide.  Currently, the Town is unable to issue CodeRed notifications using user data, though notifications can be issued using publicly available phone numbers (which may not reach residents who specifically signed up for CodeRED alerts). We have also learned that resident data has been compromised.

We’re working closely with CodeRed to understand the magnitude of the exposure of our data, and how they intend to repair this.

Please note: CodeRED is NOT related to the Emergency Alert System, which is the federal government-managed emergency notifications system, which is recognizable by the telltale alert tone that residents may hear on TV, radio or via their cellphones. This service, which the Commonwealth of Massachusetts may deploy during a serious emergency, is not affected by the CodeRED outage.

Below is a statement that CodeRED put out to its customers late Friday night. We have been in touch with them over the weekend, but this is the extent of information available now. This page will be updated as we have additional information. We apologize for any inconvenience and thank you for your patience. 

Further to our previous communications, we'd like to provide you with an update regarding the cybersecurity incident which damaged the OnSolve CodeRED environment in a targeted attack by an organized cybercriminal group. Our forensic analysis continues to indicate that this is an incident strictly contained within the OnSolve CodeRED environment with no contagion beyond. 
 
 We have learned that data associated with the legacy OnSolve CodeRED platform was removed from our systems. While there is currently no indication that this data has been published online, we are proactively informing you that it may be leaked. 
 
 It appears that the impacted dataset may contain contact information of OnSolve CodeRED users: name, address, email address, phone numbers, and/or associated passwords used to create user profiles for alerts. If the same password is used by users for any other personal or business accounts, those passwords should be changed immediately. 
 
We have decommissioned the OnSolve CodeRED platform and we have expedited our plan to make our new CodeRED by Crisis24 platform available to all customers, using backup data. However, due to damage to our OnSolve CodeRED platform, backup data is current as of March 31, 2025. 
 
 We have also completed a comprehensive security audit of CodeRED by Crisis24 and its infrastructure as well as engaged external experts for additional penetration testing and hardening. 
 
Please note, the CodeRED by Crisis24 platform will currently provide only basic alert and notification capabilities using publicly available phone data. Limitations are as follows: 

• The backup contact data availability is as follows:

  • Publicly available phone data is immediately available.

  • e911 data is expected to be available before November 28.

  • Customer-specific contacts and groups are expected to be available before November 28.

  • Community notification enrollment data is expected to be available before November 28.

• IPAWS alerts are not currently available. IPAWS should continue to be issued by contacting the IPAWS Technical Support Line at 1 844 729-7522.

• Automated weather alerts are not currently available.

• Shape file library is not available.

Unfortunately, we have all witnessed the rising cyberattacks affecting many businesses and organizations. We sincerely regret that this event has occurred, and we remain committed to supporting you, our customers, and to restoring your previous alerting and public notification capabilities. We ask for your patience while our team diligently works to ensure prompt activation and data upload to your CodeRED by Crisis24 account. 
 
 We understand that your users may have questions. We have included some FAQs below to assist you. 

1. Is user data affected? 
    Our provider informed us that data potentially associated with the OnSolve CodeRED platform may be published. Our provider’s investigation suggests that the affected personal information is limited to contact information: name, address, email address, phone numbers and/or associated passwords used to create user profiles for alerts. If users have the same password for any other personal or business accounts, those passwords should be changed immediately.

2. What happened?
    Our provider notified us that the OnSolve CodeRED environment was the victim of a targeted cyber-attack by an organized cybercriminal group. The attack damaged the OnSolve CodeRED environment. Our provider’s investigation indicates that this is an incident strictly contained within the OnSolve CodeRED environment with no contagion beyond. This does not impact any of our systems outside of emergency alerts.

3. Did this impact other systems for the municipality? 
    No. Our provider’s forensic analysis indicates that this is an incident strictly contained within the OnSolve CodeRED environment with no contagion beyond. This does not impact any of our systems outside of emergency alerts.

4. What is the new CodeRed system? 
    Our provider launched a new CodeRed System, which had been in the works. Our provider assures us that the new CodeRED platform resides on a non-compromised, separate environment and that they completed a comprehensive security audit and engaged external experts for additional penetration testing and hardening.

5. Does this incident impact the new CodeRed system? 
    No. Our provider informs that it resides in a non-compromised, separate environment. It also informed that they completed a comprehensive security audit and as engaged external experts for additional penetration testing and hardening.

6. When did this event occur? 
    Our provider notified us of the cybersecurity incident in November.

7. What is the Provider doing to respond to this issue? 
    The provider informed us that it promptly took steps to secure its systems, launched an investigation, and engaged external cybersecurity experts to assist. The provider decommissioned the OnSolve CodeRED platform and is the process of moving all customers to its new CodeRED platform.

8. What information of users was involved? 
    The provider is still investigating this matter, however, the provider informs that the affected personal information appears to be limited to contact information: name, address, email address, phone numbers and/or associated passwords used to create user profiles for alerts. If users have the same password for any other personal or business accounts, those passwords should be changed immediately.

9. Does this mean that users are victims of identity theft? 
    We have no evidence that any user information has been used to carry out identity theft and/or fraud.

10. Why did this happen? 
     Unfortunately, there have been rising cybersecurity risks and penetrations across many organizations as of late.