ASHLAND, MA — A cyberattack on CodeRED, a third-party emergency notification platform used by the town, has compromised user account data for residents who created accounts with the service.
The INC Ransomware Group has claimed responsibility for the attack, according to an investigation by the Commonwealth Fusion Center.
Compromised data may include first and last names, physical addresses, email addresses, phone numbers, and usernames and passwords used to create CodeRED accounts.
The cyberattack has affected municipalities nationwide.
CodeRED has taken the compromised legacy version of its platform offline to prevent further unauthorized access.
Town officials are strongly recommending that residents change their passwords on any other accounts that use the same password as their CodeRED account.
The compromise is limited to data associated with user-created accounts.
Residents who have received CodeRED alerts in the past but never personally created an account with a username and password are not affected.
CodeRED utilizes e911 capabilities, which allows the town to send out alerts to residents even if they are not registered with the platform.
The Commonwealth Fusion Center is monitoring the investigation and will provide updates as they become available.
