BETHLEHEM, Pa. — A mass notification system used in the Lehigh Valley has been compromised by a cyberattack, emails sent to users said.
The Northeast PA Regional Counter-Terrorism Task Force is encouraging OnSolve CodeRED customers to change their passwords for the alert system, which notifies people of emergencies via calls, texts, and emails.
Crisis24, described as "a global provider of integrated risk management solutions," said it suspended access to its platform, OnSolve CodeRED, and alerted customers of the cyberattack on Nov. 10.
Some local users did not receive notification until Dec. 5.
The incident affects Lehigh and Northampton county customers. The City of Allentown, Upper Saucon Township, Salisbury Township, Northampton County and Lehigh County use the CodeRED system.Terrorism Task Force email to CodeRED subscribers
The terrorism task force said customer information that may have been compromised includes names, addresses, e-mail addresses, phone numbers, and/or associated passwords.
The company said an organized cybercriminal group has claimed responsibility of the attack.
"We believe data associated with the platform was removed from the OnSolve CodeRED system and this may contain information for OnSolve CodeRED subscribers," a Nov. 26 news release from Crisis24 says.
"We have encouraged our customers to inform subscribers who may have reused their OnSolve CodeRED password for any other personal or business accounts to change those passwords immediately."
In an email to CodeRED subscribers, the terrorism task force said the incident affects Lehigh and Northampton county customers.
The City of Allentown, Upper Saucon Township, Salisbury Township, Northampton County and Lehigh County use CodeRED system as a mass notification system for emergencies like weather events, chemical spills or gas leaks as well as for important non-emergency alerts like parking restrictions and street closures.
It also includes those in Carbon, Lackawanna, Luzerne, Monroe, Pike, Susquehanna, Wayne and Wyoming counties.
'Deeply regrets the inconvenience'
Crisis24 said its CodeRED platform "requires only basic contact information necessary" to deliver mass notifications and emergency alerts.
"While certain data has appeared online, investigators have not yet confirmed whether the material originated from the OnSolve CodeRED system or determined the specific scope of any data involved," the release says.
"The company's forensic investigation remains active and is expected to continue in the near term."
Crisis24 has since "decommissioned" the OnSolve CodeRED platform.
The terrorism task force said all customer data entered into the system since March 31 has been lost and subscribers enrolled after that date will need to re-enroll once it is fully available — only some parts of the app are currently functional.
"The Task Force 10 County EMAs are working with the Crisis24 CodeRED service staff to make that system available as soon as possible," the task force said in an email.
"While the incident originated entirely within a third-party vendor's system, we understand that it may cause concern for our citizens.
"Therefore, we are sharing the information that has been provided to us by OnSolve CodeRED."
Crisis24 said it is urging all customers to disperse this information with emergency management stakeholders including law enforcement, first responders and 911 dispatch centers "to ensure consistent communication."
"Crisis24 deeply regrets the inconvenience caused by this incident and is committed to ensuring the prompt restoration and address of alert and notification needs for its CodeRED customers," the company said.
Residents with questions or concerns about the data breach can contact CodeRED customer support directly by phone at 1-866-939-0911, by email at crsupport@crisis24.com, or in-person or by mail at 6240 Avalon Blvd., Alpharetta, Georgia 30009.
