Skip to content
DysruptionHub
Sign in Subscribe

CodeRED vendor limits alert platform during security review

Crisis24 says capabilities are constrained; agencies in Colorado, California, New Mexico, Montana and Texas report impacts

By Joseph Topping
Side-by-side smartphone screenshots showing emergency alert pop-ups from NYC OEM: one lists “Take shelter”
Emergency alert messages on smartphones in New York City on Nov. 16, 2012, during the post–Hurricane Sandy response. Wireless Emergency Alerts advised residents to take shelter and avoid driving. Credit: U.S. National Archives / FEMA (public domain)
Published:
|
Share to X Share to Bluesky Share to Facebook Share to LinkedIn Share by email

Crisis24 has limited access to its CodeRED emergency alert platform while the company reviews potential vulnerabilities, according to notices from local agencies that use the system. Los Alamos County, N.M., said CodeRED notified officials at 5:52 p.m. Nov. 13 about possible issues and briefly suspended access before restoring service with limited capabilities.

“There is no indication that any customer data or personal information has been compromised,” Ann Pickren, a senior vice president for CodeRED, said in a statement quoted by Los Alamos County.

Fort Worth, Texas, told residents the vendor removed access to the legacy CodeRED software after detecting potential security risks. The city said that, out of caution, FEMA’s Integrated Public Alert and Warning System is disconnecting alerting authorities that originate messages through CodeRED, and that backup paths remain available.

Other jurisdictions reported limits or outages between Nov. 10 and Nov. 14. Weld County, Colo., said the vendor took CodeRED offline Nov. 10 and emphasized the outage does not affect 911. Douglas County, Colo., described a statewide CodeRED outage and said contingency plans are in place. Glenn County, Calif., urged residents to use Nixle during what it called a systemwide outage. Cascade County, Mont., postponed a public CodeRED test and later moved to end its contract, citing a weeklong disruption.

CodeRED is marketed by Crisis24, which says the product, formerly known as OnSolve CodeRED, supports alerts across text messages, email, phone and IPAWS.

Other vendors have reported security incidents affecting public communications in recent weeks. On Oct. 29, Calvert County, Md., said its Everbridge emergency-notification account was compromised and sent an unauthorized message to 12,409 subscribers before officials disabled the platform during a security review. In early October, Memphis-Shelby County Schools said Finalsite, a K-12 mass-messaging provider, suspended services after a security breach; the district reported no data impact and shifted to backups.

Officials in multiple jurisdictions said 911 and police dispatch remain operational while CodeRED capabilities are constrained.

Agencies say they will continue to post updates and use alternate channels until CodeRED’s full functionality is restored. Crisis24 has not publicly detailed the vulnerability under review.

Joseph Topping

Joseph Topping

A writer, intelligence analyst, and technology enthusiast passionate about the connection between the digital and physical worlds. His views expressed here do not necessarily reflect those of his employer, and he writes here as an individual.

All articles
Tags: Private Sector Technology vendor Service Interruption Colorado California New Mexico Montana Texas

More in Private Sector

See all

More from Joseph Topping

See all