The City of Geneseo wishes to inform residents that an external cybersecurity incident has occurred at OnSolve, the company responsible for the CodeRED alert system, which is used by several municipalities, including Geneseo, for emergency notifications. This system operates completely independently of municipal systems. As such, none of the Town’s technological infrastructure has been affected, and the situation is strictly limited to the external provider OnSolve.
Several North American cities that are OnSolve customers have also been affected by this incident. According to information provided by OnSolve, data associated with the CodeRED platform was removed from their systems by an unauthorized third party and may be made public. The personal information provided to CodeRED and affected by this incident consists of basic contact details, including name, address, phone number, and email address, as well as the password associated with the account profile creation.
CodeRED and associated accounts are no longer accessible, as the platform has been deactivated. The risks associated with this incident are mainly limited to the reuse of the same CodeRED password for other services.
What you need to do:
Many of our residents simply signed up for alerts on the CodeRed System without creating full CodeRed Accounts. However, if you have a CodeRed account with a user name and password, and it is the same as the password you use to access other online services, we recommend that you immediately change these passwords and replace them with a unique, strong password for each service. As always, be vigilant about unsolicited or unexpected communications.
The City would like to reassure the public that:
- No municipal systems have been affected;
- Our infrastructure remains secure.
OnSolve is continuing its investigation and working to restore the integrity of its platform. Geneseo will soon have access to a new OnSolve platform, which is expected to be launched in the coming days. Since it is possible that the complete list of subscribers cannot be recovered from OnSolve, further communication will follow to explain how to register for the updated alert system once it is operational. The City is monitoring the situation closely and will continue to keep residents informed of any significant developments in this matter.
FAQ
1. Is user data affected?
Our provider informed us that data potentially associated with the
OnSolve CodeRED platform may be published. Our provider’s
investigation suggests that the affected personal information is limited to
contact information: name, address, email address, phone numbers
and/or associated passwords used to create user profiles for alerts. If
users have the same password for any other personal or business
accounts, those passwords should be changed immediately.
2. What happened?
Our provider notified us that the OnSolve CodeRED environment was the
victim of a targeted cyber-attack by an organized cybercriminal group.
The attack damaged the OnSolve CodeRED environment. Our provider’s
investigation indicates that this is an incident strictly contained within
the OnSolve CodeRED environment with no contagion beyond. This does
not impact any of our systems outside of emergency alerts.
3. Did this impact other systems for the municipality?
No. Our provider’s forensic analysis indicates that this is an incident
strictly contained within the OnSolve CodeRED environment with no
contagion beyond. This does not impact any of our systems outside of
emergency alerts.
4. What is the new CodeRed system?
Our provider launched a new CodeRed System, which had been in the
works. Our provider assures us that the new CodeRED platform resides
on a non-compromised, separate environment and that they completed
a comprehensive security audit and engaged external experts for
additional penetration testing and hardening.
5. Does this incident impact the new CodeRed system?
No. Our provider informs that it resides in a non-compromised, separate
environment. It also informed that they completed a comprehensive
security audit and as engaged external experts for additional penetration
testing and hardening.
6. What is the Provider doing to respond to this issue?
The provider informed us that it promptly took steps to secure its
systems, launched an investigation, and engaged external cybersecurity
experts to assist. The provider decommissioned the OnSolve CodeRED
platform and is the process of moving all customers to its new CodeRED
platform.
7. What information of users was involved?
The provider is still investigating this matter; however, the provider
informs that the affected personal information appears to be limited to
contact information: name, address, email address, phone numbers
and/or associated passwords used to create user profiles for alerts. If
users have the same password for any other personal or business
accounts, those passwords should be changed immediately.
8. Does this mean that users are victims of identity theft?
We have no evidence that any user information has been used to carry
out identity theft and/or fraud.
9. Why did this happen?
Unfortunately, there have been rising cybersecurity risks and
penetrations across many organizations as of late.