OnSolve CodeRED, a platform utilized by Craven County, was recently the victim of a cybersecurity attack.
The platform is used by the county to send public emergency notifications and alerts.
User data was removed from the system, although there is no indication that the data has been published online, the threat of a future leak remains.
User information may contain the following: name, address, email address, phone numbers, and/or associated passwords used to create OnSolve CodeRED profiles to receive alerts.
Craven County officials released the following:
Craven County’s OnSolve CodeRED emergency alert system was targeted in a cybersecurity attack in November, resulting in the removal of user data from the platform. CodeRED by Crisis24, which manages the system, confirmed that while there is no current indication of the data being published online, the risk of future leaks remains. The compromised data may include users’ names, addresses, email addresses, phone numbers, and passwords associated with OnSolve CodeRED profiles.
The breach affects individuals who registered for OnSolve CodeRED accounts to receive public alerts. Users in Craven County and other areas who used the same password for multiple accounts are urged to change their passwords immediately.
The OnSolve CodeRED system has been decommissioned nationwide following the incident, which was isolated to the third-party vendor’s system and did not involve any Craven County systems. Craven County officials have no access to the decommissioned system and inquiries can be directed to crsupport@crisis24.com or 1-866-939-0911.
Craven County Emergency Services is collaborating with CodeRED by Crisis24 to establish a new public emergency alert solution, expected to be operational before Nov. 28. The new platform has undergone a comprehensive security audit, and external experts have been engaged to enhance system security.
In the interim, Craven County will continue to disseminate announcements and alerts through local media, the county website, and social media platforms. County officials emphasize the importance of cybersecurity best practices, advising residents to use unique, long, and random passwords for each account.
FAQs provided by CodeRED By Crisis 24
1. Is user data affected?
Our provider informed us that data potentially associated with the OnSolve CodeRED platform may be published. Our provider’s investigation suggests that the affected personal information is limited to contact information: name, address, email address, phone numbers and/or associated passwords used to create user profiles for alerts. If users have the same password for any other personal or business accounts, those passwords should be changed immediately.
2. What happened?
Our provider notified us that the OnSolve CodeRED environment was the victim of a targeted cyber-attack by an organized cybercriminal group. The attack damaged the OnSolve CodeRED environment. Our provider’s investigation indicates that this is an incident strictly contained within the OnSolve CodeRED environment with no contagion beyond. This does not impact any of our systems outside of emergency alerts.
3. Did this impact other systems for the municipality?
No. Our provider’s forensic analysis indicates that this is an incident strictly contained within the OnSolve CodeRED environment with no contagion beyond. This does not impact any of our systems outside of emergency alerts.
4. What is the new CodeRed system?
Our provider launched a new CodeRed System, which had been in the works. Our provider assures us that the new CodeRED platform resides on a non-compromised, separate environment and that they completed a comprehensive security audit and engaged external experts for additional penetration testing and hardening.
5. Does this incident impact the new CodeRed system?
No. Our provider informs that it resides in a non-compromised, separate environment. It also informed that they completed a comprehensive security audit and as engaged external experts for additional penetration testing and hardening.
6. When did this event occur?
Our provider notified us of the cybersecurity incident in November.
7. What is the Provider doing to respond to this issue?
The provider informed us that it promptly took steps to secure its systems, launched an investigation, and engaged external cybersecurity experts to assist. The provider decommissioned the OnSolve CodeRED platform and is the process of moving all customers to its new CodeRED platform.
8. What information of users was involved?
The provider is still investigating this matter, however, the provider informs that the affected personal information appears to be limited to contact information: name, address, email address, phone numbers and/or associated passwords used to create user profiles for alerts. If users have the same password for any other personal or business accounts, those passwords should be changed immediately.
9. Does this mean that users are victims of identity theft?
We have no evidence that any user information has been used to carry out identity theft and/or fraud.
10. Why did this happen?
BE THE FIRST TO COMMENT
Unfortunately, there have been rising cybersecurity risks and penetrations across many organizations as of late.
