Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

OnSolve CodeRED user data theft and sale claim

Data Leak
First reported
Last updated
Happening score
H score 29
1 unique sources, 1 articles

Summary

Hide ▲

The OnSolve CodeRED data theft is escalating into a for-sale leak claim, raising the risk that names, addresses, email addresses, phone numbers, and passwords will spread beyond the breach. Crisis24 said the data was taken from the CodeRED environment, while the company reported no evidence it had been posted online at the time of notice. INC Ransom later claimed responsibility and said it was selling stolen files after the attack.

Related Happenings

Crisis24 hit by network compromise

Incident
First: 25.11.2025 23:48 Last: 25.11.2025 23:48 Sources 1

How related: A cyber-attack on the OnSolve CodeRED platform used by state and local agencies across the US has disrupted emergency notifications and exposed user data.

About this happening: The **OnSolve CodeRED platform** suffered a **cyberattack** that disrupted emergency notification systems for **state and local governments** and public safety agencies across the...

Latest development: 26.11.2025 18:15

INC Ransom claimed responsibility for the OnSolve CodeRED compromise, said it accessed OnSolve systems on November 1 and encrypted files on November 10 after ransom talks failed, and said it is selling stolen files that include customer data and clear-text passwords.

Open Happening

Pennsylvania Office of Attorney General hit by ransomware attack linked to INC Ransom

Incident
First: 17.11.2025 17:57 Last: 17.11.2025 17:57 Sources 1

About this happening: Pennsylvania's **Office of the Attorney General** confirmed a **ransomware attack** that disrupted its website, email, and phone systems and raised concern that files were accesse...

Open Happening

Timeline

  1. 26.11.2025 18:15 1 articles · 6mo ago

    INC Ransom claims November 1 access to CodeRED systems

    Exploitation Observed

    INC Ransom says it accessed OnSolve systems on November 1, marking the start of the compromise against the CodeRED environment used by state and local agencies across the US.

    Show sources
    Open in new tab
  2. 26.11.2025 18:15 1 articles · 6mo ago

    INC Ransom claims November 10 encryption of CodeRED files

    Exploitation Observed

    INC Ransom says it encrypted files on November 10 after ransom talks failed, indicating escalation inside the compromised CodeRED environment.

    Show sources
    Open in new tab
  3. 26.11.2025 18:15 2 articles · 6mo ago

    CodeRED data theft disclosed and stolen-file sale claims emerge

    Victim Impact Update

    Crisis24 confirmed that data was stolen from the CodeRED environment and reported no evidence that the information had been posted online, while INC Ransom claimed responsibility, published screenshots that appeared to show customer data with clear-text passwords, and said it was selling stolen files; the incident disrupted emergency notifications, many local governments issued resident notices, staff in multiple municipalities moved to migrate to the new platform, the restored system relied on March 31 2025 backups with some user accounts missing, and the legacy platform was permanently decommissioned and rebuilt in a new isolated infrastructure.

    Show sources
    Open in new tab