Overview
- Officials say the breach was confined to the legacy CodeRED environment, which has been permanently decommissioned as migrations to CodeRED by Crisis24 proceed.
- Stolen data includes contact details and account passwords, and leaked samples show clear‑text passwords, so users who reused credentials are urged to change them immediately.
- Service on the rebuilt platform was restored from a March 31, 2025 backup, meaning accounts created after that date are missing and must be re‑established.
- INC Ransom has claimed responsibility, asserting file encryption on November 10 and offering stolen data for sale, with cybersecurity outlets publishing screenshots of purported records.
- Multiple jurisdictions are canceling or reevaluating contracts and relying on interim measures such as social media, door‑to‑door notifications, or alternate vendors, while stressing that internal systems and 911 services were not affected.