
CodeRED emergency notifications system data breach and system outage information

Posted on November 27, 2025



CodeRED, the emergency notifications system used by the Town of Goshen (and many others), experienced a targeted cyberattack that forced their system offline while they work on restoring their service.

The Commonwealth Fusion Center, Massachusetts’ statewide cyber intelligence hub, has learned through their investigation that a ransomware group has taken responsibility for this attack, and the group has claimed that user account data has been stolen.

This data includes the following information for CodeRED users:

  • names
  • addresses
  • email addresses
  • phone numbers
  • passwords used to create CodeRED accounts.

If you use the same password for CodeRED that you use for any other account, the Commonwealth Fusion Center strongly recommends changing those passwords right away.

CodeRED has decommissioned the old platform and is moving all customers to the new CodeRED by Crisis24 system, which was not impacted by the attack and has undergone additional security testing.

Updates will be posted as they become available, including when the service is restored and whether users will need to re-register.  Thank you for your patience and understanding.

Larry Holmberg
Emergency Management Director
Towns of Chesterfield & Goshen, MA


ADDITIONAL INFORMATION on this INCIDENT BELOW

CodeRED is used by local governments to deliver fast, targeted alerts during severe weather, evacuations, missing persons, and other urgent events.  Both the data breach and the service outage have serious implications for communities.

The OnSolve CodeRED system is a cloud-based platform used by city, county, and state agencies to send emergency alerts via voice calls, SMS, email, mobile app notifications, and national alerting systems.  Because of the incident, some regions temporarily lost access to the system and had to rely on social media or other methods to reach the public.

CodeRED is not the same as the Emergency Alert System (EAS), which is the federal government-managed emergency notifications system.  The CodeRED emergency notification system is a voluntary program where residents can sign up to receive notifications and emergency alerts affecting the municipality in which they live.

The cause is a ransomware attack claimed by the INC Ransom group. The group posted screenshots that show stolen customer data, including email addresses and associated clear-text passwords.

The INC Ransom group also published part of the alleged ransom negotiation, suggesting that Crisis24 (the provider behind CodeRED) initially offered $100,000, later increasing the offer to $150,000, which INC rejected.

The incident forced Crisis24 to shut down its legacy environment and rebuild the system in a new, isolated infrastructure.

Cyberattacks happen, and data breaches are not always preventable.  But storing your subscriber database, including passwords, in clear text is rather careless.  Providers should assume people reuse passwords, especially for accounts they don’t view as very sensitive.

Protecting yourself after a data breach

If you think you have been the victim of a data breach, here are some steps you can take to protect yourself:

  • Check the vendor’s advice.  Every breach is different, so check with the vendor (see the top of this page) to find out what’s happened and follow any specific advice it offers.
  • Change your password.  You can make a stolen password useless to thieves by changing it.  Choose a strong password that you don’t use for anything else.  Better yet, let a password manager choose one for you.
  • Enable two-factor authentication.  If you can, use a FIDO2-compliant hardware key, laptop, or phone as your second factor.  Some forms of 2FA can be phished just as easily as a password, but 2FA that relies on a FIDO2 device can’t be phished.
  • Watch out for impersonators. The thieves may contact you posing as the breached platform.  Check the official website to see if it’s contacting victims and verify the identity of anyone who contacts you using a different communication channel.
  • Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.

 
