A recent cyberattack on the CodeRED notification system has compromised the personal information of thousands of Colorado residents. The emergency alert service, which is used by several counties in the state to inform people about evacuation orders and other emergencies, experienced what law enforcement has identified as a targeted cyberattack by an "organized cybercriminal group," as reported by Denver7.
In the wake of the breach, Grand and Park Counties announced the system's shutdown, with Park County officials noting that the subscriber data compromised included names, addresses, email addresses, phone numbers, and/or associated passwords used to create user profiles for alerts. The Thornton Police Department also warned users to change passwords, particularly if they were duplicated across other platforms, the Denver Post reports.
The Douglas County Sheriff’s Office has moved away from using the CodeRED platform and is currently seeking a new alert network. "For us, CodeRED has always worked and, unfortunately, until it didn’t," said Taylor Davis, a division chief of support services at the Douglas County Sheriff's Office, as obtained by 9NEWS. The office reported issues logging into the system as early as November 10, which raised initial concerns.
Davis also highlighted the sheriff's proactive measures, including the termination of their contract with CodeRED and the decision to find another company for emergency alerts. She reiterated the value of such a system, adding, "Obviously, we want folks to opt into this system. We think there’s a lot of value in it," Davis said. "But if people choose not to, we respect that as well." Despite these challenges, the sheriff’s office is handling emergencies by going door-to-door and using social media in the interim. Park County officials have chosen the Crisis24 platform to replace the CodeRED system, according to Denver7.
