Executive Summary
- OnSolve CodeRED, Cherokee County’s notification provider, suffered a targeted cyberattack.
- Automated National Weather Service severe weather alerts are currently disabled.
- Exposed data includes names, addresses, contacts, and passwords, but no financial info.
- Residents are urged to change reused passwords and seek alternate alert sources.
- The provider is migrating services to a new, secure platform following the breach.
Cherokee County officials announced that OnSolve CodeRED, the county’s primary mass notification provider, has been targeted in a cyberattack, forcing the suspension of automated severe weather alerts. While the county retains the ability to issue manual public safety notifications through a backup system, officials confirmed that the automated relay of National Weather Service (NWS) alerts is currently non-operational.
According to a statement released by the county, the service provider identified the breach as a targeted attack by an organized cybercriminal group. The investigation indicates that the compromise is strictly contained within the OnSolve CodeRED environment and has not spread to other county systems. However, officials advised residents to secure alternative methods for receiving time-sensitive weather warnings, particularly as the NWS has forecast potential isolated severe storms for north and central Georgia.
OnSolve reported that the data potentially exposed in the breach includes user contact information such as names, addresses, email addresses, phone numbers, and associated passwords used for alert profiles. The provider emphasized that the system does not collect or store Social Security numbers or banking information, and there is currently no evidence that user data has been utilized for identity theft or fraud.
In response to the security incident, OnSolve has decommissioned the compromised platform and is in the process of migrating all customers to a new CodeRED system. The provider stated that the new platform resides in a separate, non-compromised environment that has undergone a comprehensive security audit and external penetration testing.
Cybersecurity and Public Safety Infrastructure
This incident underscores the vulnerability of third-party digital infrastructure critical to public safety and emergency management operations. The disruption of automated weather alerts highlights the operational risks associated with supply chain cyberattacks, where a breach at a vendor level can directly impact municipal services. As local governments increasingly rely on digital platforms for mass communication, the necessity for robust redundancy protocols and diversified alert channels becomes essential to ensure public safety remains uncompromised during digital outages.
