Warning signs that are supposed to keep people safe just became the center of a serious cybersecurity scare—and for thousands of residents, the fallout could be very personal.
Craven County’s emergency alert system, which was powered by the OnSolve CodeRED platform, has been taken offline after it was swept up in a broader cyberattack affecting systems across the country earlier this month. The platform is what local officials relied on to instantly notify residents about urgent situations like severe weather, evacuations, or public safety threats. But here’s where it gets especially troubling: the attack didn’t just disrupt service—it also exposed user data.
According to county officials, cybercriminals were able to access personal information stored in the CodeRED system, including names, home addresses, email addresses, phone numbers, and the passwords people used when they created their CodeRED accounts. That means anyone who signed up for alerts on the OnSolve CodeRED platform could now be at risk if they reused that same password on other websites or services. This is the part most people miss: a single compromised password can become a gateway into multiple personal or business accounts if it has been reused.
Craven County is urging anyone who registered for an OnSolve CodeRED account and used that same password anywhere else—whether for banking, social media, work logins, or online shopping—to change those passwords immediately. Cybersecurity experts often recommend using unique passwords for every account and turning on two-factor authentication wherever possible. If you have ever thought, “I’ll just use the same password everywhere to make it easier to remember,” this incident is a powerful reminder of why that approach can be risky.
To restore its emergency alert capabilities, the county is now working with CodeRED by Crisis 24 to roll out a replacement system. The new platform is expected to go live by Friday, which means residents should soon be able to receive emergency alerts again through an updated and supposedly more secure system. While the short downtime may not seem like much, any period when emergency alerts are disrupted raises important questions about how dependent communities should be on a single digital platform for life-safety notifications.
Onslow County, which previously used the OnSolve CodeRED platform but switched to a different alert system in December, is also taking this situation seriously. Officials there have reached out to the company to find out whether data belonging to their residents was included in the breach. Even though Onslow County no longer uses CodeRED, past user data may still have remained on the old system, which is why they are double-checking what, if anything, was exposed.
CodeRED by Crisis 24 has released a set of frequently asked questions to help explain what happened and what users should do next.
Is user data affected?
The provider says that data associated with the OnSolve CodeRED platform may be released publicly as a result of the attack. Their internal investigation so far suggests that the exposed information is limited to contact details: names, physical addresses, email addresses, phone numbers, and the passwords people used when setting up their alert profiles. While that might sound like “just contact info,” combining that data with reused passwords could make it easier for criminals to attempt unauthorized logins elsewhere. If you have used the same password on other personal or business accounts, the provider strongly advises changing those passwords right away. A practical next step is also to monitor your accounts for any suspicious activity.
What happened?
The provider reports that the OnSolve CodeRED environment was targeted by an organized cybercriminal group in a focused cyberattack. This attack damaged the CodeRED environment and compromised the data stored there, but the provider’s investigation so far indicates that the incident was contained within that specific environment. In other words, they say there is no evidence that the attack spread to their other systems outside of the emergency alert platform. Still, whenever a system designed to protect the public is taken down by criminals, it raises a controversial question: are critical public safety tools being hardened quickly enough to keep up with modern cyber threats?
Did this affect other municipal systems?
According to the provider’s forensic analysis, the incident was limited solely to the OnSolve CodeRED environment and did not spread to other systems used by the municipality. That means, based on what they know now, other local government systems—such as billing platforms, internal networks, or non-emergency services—were not directly impacted by this specific breach. Of course, residents may still wonder whether this kind of incident should prompt a broader security review across all connected systems, not just the one that was clearly compromised.
What is the new CodeRED system?
The provider states that it has launched a new version of the CodeRED system, which was already in development before this incident. They emphasize that this new platform is hosted in a completely separate environment that was not compromised during the attack. To reassure customers, the provider says it has performed a comprehensive security audit of the new system and brought in external cybersecurity specialists to conduct additional penetration testing and strengthen the platform against future attacks. In theory, that should mean better protections going forward—but some people may understandably question whether this upgrade came soon enough.
Does this incident affect the new CodeRED system?
The provider says no. The new system is described as running in an isolated, non-compromised environment, separate from the legacy platform that was attacked. They also reiterate that they have completed extensive security reviews and outside testing to improve the platform’s defenses. However, one controversial viewpoint is that “separate” and “secure” are not the same thing—systems can be isolated on paper yet still vulnerable if attackers find new weaknesses. This naturally leads to the conversation: how much trust should the public place in assurances made after a breach has occurred?
When did this event occur?
The provider notified its customers about the cybersecurity incident in November. That timeline means there may have been a period between the initial attack and formal notification when data was already at risk, even if residents did not yet know about it. Many people might ask whether notification standards for such incidents should be stricter or faster, especially when public safety platforms are involved.
What is the provider doing in response?
The provider reports that it quickly took action to secure its systems once the incident was discovered. It launched an internal investigation, brought in external cybersecurity experts, and decommissioned the affected OnSolve CodeRED platform. As part of its response, the provider is in the process of moving all customers away from the compromised platform and onto the new CodeRED system, which they say has been hardened with stronger protections. While that sounds like the right playbook, some might argue that these steps should be standard practice before a breach, not just after one.
What user information was involved?
The provider says the investigation is still ongoing, but current findings indicate that the exposed data appears to be limited to contact information: name, address, email address, phone numbers, and passwords associated with user alert profiles. As with earlier warnings, they stress that anyone who uses the same password on other accounts should change those passwords immediately. A good rule of thumb is to also consider using a password manager and enabling multi-factor authentication to reduce the impact of any future breaches.
Does this mean users are victims of identity theft?
At this time, the provider says there is no evidence that the exposed information has been used to carry out identity theft or fraud. That does not entirely eliminate risk, but it suggests that, so far, the data has not been directly tied to confirmed criminal misuse. Still, users are wise to stay vigilant by checking credit reports, reviewing bank and card statements, and watching for phishing emails that might use their leaked contact details to appear more convincing.
Why did this happen?
The provider points to a broader trend: cybersecurity threats and successful intrusions have been increasing across many organizations in recent years. As attackers grow more sophisticated and persistent, even systems designed for critical public functions are being targeted. The uncomfortable, and potentially controversial, question is whether companies and public agencies are investing enough in proactive cybersecurity measures before incidents force them to make changes.
In the end, this incident highlights a tough reality: tools meant to protect communities can themselves become entry points for cybercriminals if security is not constantly improved. That raises a question for you: do you feel that companies handling public safety data should face stricter regulations and penalties when breaches occur, or do you think incidents like this are an unfortunate but inevitable part of our digital world? Share where you stand—do you agree with how this situation is being handled, or do you think local governments and providers should be held to a much higher security standard?
