The OnSolve CodeRED cyberattack disrupted emergency alert services across the United States and exposed sensitive user data. CodeRED supports thousands of municipalities, police departments and public-safety agencies. When attackers breached the system, the incident raised serious concerns about the resilience of national emergency-communication infrastructure.
Attack Overview
Attackers claimed they infiltrated the CodeRED platform on November 1, 2025. They stated they encrypted internal files on November 10. Security researchers linked the incident to INC Ransom, a ransomware-as-a-service group known for disruptive operations. The group also claimed they stole large volumes of sensitive data during the attack.
OnSolve confirmed a breach within its legacy CodeRED environment. The company reported disruptions to alert operations and identified unauthorized access to internal systems. The attack forced the decommissioning of the affected platform and accelerated the transition to a replacement system operated by Crisis24.
What Data Was Exposed
The breach exposed information stored within the legacy alert-management system. Stolen data included names, email addresses, phone numbers and physical addresses. Passwords linked to CodeRED accounts were also taken. This exposure increases the risk of identity theft and targeted phishing campaigns.
Public-safety agencies rely on CodeRED to distribute severe-weather notifications, evacuation orders and community alerts. Because of this role, the data connected to these accounts contains sensitive contact details for large populations. The OnSolve CodeRED cyberattack therefore created broader risks beyond operational disruption.
How the Incident Affected Emergency Services
The breach caused downtime across several local emergency-alert channels. Agencies reported delays in sending notifications, posting critical updates and coordinating responses. The interruption affected communities that depend on timely alerts for severe weather, public-safety updates and emergency instructions.
OnSolve responded by shutting down the compromised environment. The company moved customers to a separate crisis-management platform designed with updated controls. The migration reduced further disruption and allowed municipalities to resume normal alert functions.
Why This Breach Matters
Emergency-communication networks must maintain strong reliability, especially during national-security threats, large-scale weather events and critical public-safety incidents. The OnSolve CodeRED cyberattack demonstrated how cybercriminals can compromise essential services through a focused intrusion on outdated infrastructure.
Stolen passwords remain a major concern. Many users may have reused their credentials on other platforms. Attackers often leverage such data to access additional accounts or run targeted phishing campaigns. The scale of CodeRED’s user base increases the likelihood of secondary attacks.
Security Lessons for Public-Safety Systems
Public-safety technology depends on secure, modernized infrastructure. This incident highlights the need for continuous patching, updated authentication controls and faster retirement of outdated systems. Ransomware operators continue to expand their target scope, and emergency-alert platforms now represent attractive high-impact opportunities for exploitation.
Agencies must strengthen their vendor-security assessments. They also need to maintain incident-response plans that address communication outages, data breaches and credential-theft risks. Modernizing alert systems can reduce the chance of future failures.
Final Thoughts
The OnSolve CodeRED cyberattack exposed vulnerabilities in a nationwide emergency-alert system and disrupted critical communication services. Attackers gained access to sensitive data, encrypted internal files and pushed the legacy platform offline. The breach underscores the need for stronger cybersecurity across public-safety networks and highlights the risks created by outdated systems that support essential emergency functions.
