OnSolve CodeRED Cyberattack Disrupts Emergency Alert Systems Nationwide
Summary:
The City of University Park, Texas, issued a notification concerning a cybersecurity incident involving its third-party emergency alert vendor, CodeRED (OnSolve). An organized cybercriminal group targeted the vendor's environment, causing disruption and potential user data compromise.
The incident was strictly isolated to the CodeRED software and did not affect any City of University Park internal systems or services. The compromised data is limited to basic contact information: names, addresses, email addresses, phone numbers, and passwords used to create CodeRED accounts. The vendor is in the process of decommissioning the affected platform and migrating all customers to a new, non-compromised CodeRED platform.
Security Officer Comments:
This incident is the latest to impact public services. These attacks often target entire government networks, forcing the shutdown of critical systems:
- In 2025, Kaufman County, Texas, and La Vergne, Tennessee, reported cyber incidents that took down multiple county systems, forcing government offices to close, halting online utility payments, and postponing court hearings.
- Attacks like the one against St. Paul, Minnesota, which declared a state of emergency, have cost the city well over $1 million to update cybersecurity and restore services, even when no ransom was paid.
- Hackers often target systems that handle taxes and utility payments. For example, the LockBit ransomware group knocked out payment systems for the Wichita, Kansas, city government.
- Many attacks exploit weaknesses in software commonly used by multiple municipalities. A 2025 advisory, for example, described actors leveraging an unpatched vulnerability in SimpleHelp Remote Monitoring and Management (RMM) software to compromise utility billing software providers across several cities.
The key mitigation strategy for residents is to take immediate personal action:
- Change Passwords Immediately: Residents who used the same password for their CodeRED account as for any other personal or business account are strongly recommended to change those passwords right away on all affected platforms.
- Platform Migration: The City is migrating to the new CodeRED platform, which the vendor assures is separate, non-compromised, and has undergone comprehensive security audits and external penetration testing.
- Re-enrollment: Residents must actively follow instructions to re-enroll in the new emergency alert system to ensure they continue receiving critical safety alerts.
- Security Best Practices: The vendor should enforce the use of Multi-Factor Authentication (MFA) for all user accounts, and the city should conduct thorough contractual and security reviews of the new vendor platform.
https://www.uptexas.org/312/Emergency-Notifications