Data Breach Disrupts Emergency Alert Systems

A cyberattack forced Crisis24 to decommission parts of CodeRED, an emergency notification system used widely across the US by governments, police, and fire agencies.

According to Bleeping Computer, CodeRED is used for emergency notifications, weather alerts, and other "sensitive warnings." It is run by risk management company Crisis24. After the initial cyberattack, Crisis24 was forced to decommission the "legacy" CodeRED environment, which was apparently still in use among a large number of organizations. The company is rebuilding their backups onto the newer version of the platform, but backup is from March 31 of this year and thus is likely missing important data.

To make matters worse, Crisis24 has confirmed that data was stolen during the attack. This includes names, addresses, email addresses, phone numbers, and passwords for user profiles. Crisis24 has said that they've seen "no indication that the stolen data has been publicly published," but Bleeping Computer asserts that INC Ransomware has already posted the data for sale online.