Overview:

Montague has authorized a contract with Rave Mobile Safety to provide residents with a new emergency communication platform after the OnSolve CodeRED platform was hacked, leaking subscriber and customer data. The new system will allow residents to register for alerts via text message without the need for usernames or passwords, and will be operational within the next two to four weeks. Other towns in Franklin County have also been affected by the hack, with some looking at new systems and others urging residents to take precautions.

MONTAGUE โ€” After the emergency notification system OnSolve CodeRED was impacted by a data breach, the Selectboard has approved a contract with Rave Mobile Safety to provide residents with a new communication method that doesnโ€™t require usernames or passwords.

The 18-month, $5,000 contract provides the town with a communication service that will allow residents to text a number to register to receive alerts sent out by the town in a variety of scenarios, such as when snowstorms prompt the declaration of parking bans.

The decision to switch to this new system comes after the OnSolve CodeRED platform experienced a cyberattack that leaked subscriber and customer data and disrupted the ability of local governments and first responders across the United States to send out notifications in November.

Crisis24, the company that owns OnSolve CodeRED, was forced to decommission the platform after the attack and notified CodeRED customers of the situation on Nov. 10, according to a Nov. 24 statement.

Crisis24 says in the statement that an โ€œorganized cybercriminal groupโ€ took responsibility for the data breach. A report by the information security and technology news publication Bleeping Computer names INC Ransomware as the perpetrator of the hack, which posted passwords and emails for CodeRED customers โ€” the towns and agencies โ€” to the online traffic encrypting web browser called Tor Browser.

โ€œWhile certain data has appeared online, investigators have not yet confirmed whether the material originated from the OnSolve CodeRED system or determined the specific scope of any data involved,โ€ the Crisis24 statement reads.

Montague experienced disruptions during the week of Dec. 1 as the first snowstorm of the season impacted the town. Notification of parking bans could not be sent via CodeRED.

Town Administrator Walter Ramsey shared during the Dec. 8 Selectboard meeting that in light of the new CodeRED system requiring users to provide a username and password, and the town losing two-thirds of those who signed up for the service, the town was considering switching to a system that would have fewer user barriers.

โ€œThey do not have to put their credentials in and create an account on an online portal,โ€ Executive Assistant Fern Smith said about Rave Mobile Safety during Mondayโ€™s Selectboard meeting, adding, โ€œwhich gave us a lot of pause, because the same company that just told us they had a ransomware for all their information was asking us to double down and provide them more information.โ€

Smith said that before Rave Mobile Safety is launched, alerts will be posted on the Montague town website and Facebook page, as well as on the Montague Police Departmentโ€™s Facebook page.

Ramsey said the extent of the impact of the data breach that heโ€™s aware of is that some town staff had to change passwords as managers of the CodeRED system. He said the Rave Mobile Safety system could be up and running within the next two to four weeks.

โ€œI think itโ€™s an important service that we should make sure is operational, so letโ€™s give them a shot,โ€ Selectboard Vice Chair Richard Kuklewicz said about rolling out the new system.

Other towns impacted

As the November incident was a nationwide cyberattack, some other Franklin County towns have responded to the hack.

In Warwick, Town Coordinator David Young shared a statement about the hack via the Friends of the Warwick Police Department Facebook page on Dec. 5. He said people who reuse their CodeRED passwords on other platforms are most at risk.

โ€œThey were hacked, and the hackers now have our email addresses, mobile phone numbers and CodeRED passwords,โ€ Youngโ€™s statement reads. โ€œThe major vulnerability here is to people who reuse passwords. I want to, in particular, underline this vulnerability: password reuse. If you tend to use the same password everywhere, it is time to change it.โ€

As was the case in Montague, CodeRED was unable to be used during the snowstorm earlier this month, during which Warwick needed to notify residents of a school closure.

Young said that as a result of the hack, the new CodeRED system is being updated and will be online soon.

In Leverett, the Leverett Fire/EMS Facebook page shared a statement on behalf of the Leverett Selectboard and Town Administrator Margie McGinnis regarding the CodeRED hack. The statement urged their residents to take precautions amid the data breach.

โ€œWe are asking you to do this for your own security and personal privacy. This affects only those residents who created their own free CodeRED account with their own unique password,โ€ the statement reads. โ€œIt is unfortunate that this has happened during a period when Leverett has had events that needed to be communicated to residents and we join you in hoping the system is working again soon.โ€

In Gill, the town has used CodeRED since 2017 and town officials intend to continue to use the platform, Town Administrator Ray Purington said on Tuesday. He said any resident with a Gill address can register for the CodeRED system on the Gill town website.

Purington said heโ€™s not aware of any Gill residents who have been impacted by the data breach, and he intends to use the system during the Christmas and New Yearโ€™s holidays to announce changes to the trash collection schedule.

Erin-Leigh Hoffman is the Montague, Gill, and Erving beat reporter. She joined the Recorder in June 2024 after graduating from Marist College. She can be reached at ehoffman@recorder.com, or 413-930-4231.