Dear Monroe Countians,
Monroe County Emergency Management Agency (EMA) is notifying the public of a recently confirmed nationwide cybersecurity data breach involving the OnSolve CodeRED mass notification system. The systemwide incident affects all OnSolve CodeRED customers, including those in Monroe County.
The nationwide data breach was not in any way caused by Monroe County EMA. The incident was entirely the result of what third-party provider OnSolve CodeRED has described as an “organized cybercriminal group that has victimized our platform and our customers.”
Upon discovering the data breach, the OnSolve CodeRED service was immediately discontinued nationally and resources were shifted to a new Crisis24 CodeRED service. The incident was contained to the OnSolve CodeRED environment with no contagion beyond.
OnSolve CodeRED customers, including those enrolled through Monroe County EMA, may have had the following information compromised via their accounts: names, addresses, e-mail addresses, phone numbers, and/or associated passwords used to create user profiles for alerts. If the same password is used by users for any other personal or business accounts, those passwords should be changed immediately.
Monroe County citizens who enrolled in the OnSolve CodeRED service prior to March 31, 2025 will have their data migrated to the new Crisis24 CodeRED service for future notifications via backup data. All customer data put into the OnSolve CodeRED system since March 31, 2025 has been lost, so citizens who enrolled after March 31, 2025 will have to re-enroll once Crisis24 is fully available. Monroe County EMA is working with the Crisis24 CodeRED service staff to make that system available as soon as possible.
While the incident originated entirely within a third-party vendor’s system, we understand that it may cause concern for our citizens. Therefore, we are sharing the information that has been provided to us by OnSolve CodeRED. Monroe County EMA will continue to monitor the situation and share any information that OnSolve CodeRED provides.
Residents with questions about the data breach should contact the provider directly at: CodeRED (Customer Support) by phone at 1-866-939-0911, by e-mail at crsupport@crisis24.com, or in-person or by mail at 6240 Avalon Blvd., Alpharetta, Ga. 30009.
Below are some Frequently Asked Questions provided by OnSolve CodeRED regarding the data breach:
| |
- Is user data affected?
Our provider informed us that data potentially associated with the OnSolve CodeRED platform may be published. Our provider’s investigation suggests that the affected personal information is limited to contact information: name, address, email address, phone numbers and/or associated passwords used to create user profiles for alerts. If users have the same password for any other personal or business accounts, those passwords should be changed immediately.
- What happened?
Our provider notified us that the OnSolve CodeRED environment was the victim of a targeted cyber-attack by an organized cybercriminal group. The attack damaged the OnSolve CodeRED environment. Our provider’s investigation indicates that this is an incident strictly contained within the OnSolve CodeRED environment with no contagion beyond. This does not impact any of our systems outside of emergency alerts.
- Did this impact other systems for the municipality?
No. Our provider’s forensic analysis indicates that this is an incident strictly contained within the OnSolve CodeRED environment with no contagion beyond. This does not impact any of our systems outside of emergency alerts.
- What is the new CodeRed system?
Our provider launched a new Crisis24 CodeRed System, which had been in the works. Our provider assures us that the new Crisis24 CodeRED platform resides on a non-compromised, separate environment and that they completed a comprehensive security audit and engaged external experts for additional penetration testing and hardening.
- Does this incident impact the new CodeRed system?
No. Our provider informs that it resides in a non-compromised, separate environment. It also informed that they completed a comprehensive security audit and as engaged external experts for additional penetration testing and hardening.
- When did this event occur?
Our provider notified us of the cybersecurity incident in November.
- What is the Provider doing to respond to this issue?
The provider informed us that it promptly took steps to secure its systems, launched an investigation, and engaged external cybersecurity experts to assist. The provider decommissioned the OnSolve CodeRED platform and is the process of moving all customers to its new CodeRED platform.
- What information of users was involved?
The provider is still investigating this matter, however, the provider informs that the affected personal information appears to be limited to contact information: name, address, email address, phone numbers and/or associated passwords used to create user profiles for alerts. If users have the same password for any other personal or business accounts, those passwords should be changed immediately.
- Does this mean that users are victims of identity theft?
We have no evidence that any user information has been used to carry out identity theft and/or fraud.
- Why did this happen?
Unfortunately, there have been rising cybersecurity risks and penetrations across many organizations as of late.
|
| |
|
