SEATTLE — A cybersecurity attack against an emergency notification system may have compromised personal data across the country and is preventing alerts from being sent to the public.
City officials in Sumner were one of the first local jurisdictions to alert people in the Puget Sound region about the breach of the CodeRED platform, which is administered by Crisis24.
SEE ALSO | Emergency alert bill faces renewed scrutiny after deadly floods kill more than 100
The ransomware attack has exposed user data and resulted in significant disruptions.
One main concern is that people’s passwords were compromised.
KOMO News reached out to Crisis24 and received this response:
“We confirm that data potentially associated with the legacy OnSolve CodeRED platform has been published online following a targeted attack by an organized cybercriminal group. The attack also resulted in damage to the OnSolve CodeRED environment,” the company said in its statement.
The incident forced Crisis24 to shut down the platform and begin rebuilding the system. The company is in the process of transferring its customers to the new platform, so alerts and notifications can continue as needed.
Cities throughout the country have been unable to send out emergency notifications due to the breach. The CodeRED system is used to alert people about significant weather events, public safety threats, and other urgent situations.
These can include floods, gas leaks, and missing persons, and can be delivered via phone calls, text messages, email, or a mobile app.
SEE ALSO | BP Olympic Pipeline leak discovered in gasoline line, not line carrying SEA jet fuel
While Crisis24 confirms that data was stolen, the company reported no evidence that the information had been posted online. The stolen data includes users’ names, addresses, email addresses, phone numbers and passwords connected to CodeRED profiles.
“Users who have reused their OnSolve CodeRED password for any other personal or business accounts are advised to change those passwords immediately,” the company said.
Several cities noted that financial information is not collected by the platform. They also emphasized that their internal systems were not affected. However, many urged residents to change their passwords if they reused the CodeRED version somewhere else.
People who have specific questions about their data can contact CodeRED directly at 866-939-0911 or crsupport@crisis24.com.
