LEONARDTOWN, Md. — St. Mary’s County Government’s Department of Emergency Services has released new details from a forensic investigation into a November 2025 ransomware attack on the legacy CodeRED emergency notification platform, confirming limited exposure of outdated subscriber data but no compromise of active passwords or highly sensitive personal information.
The incident, which prompted the permanent decommissioning of the OnSolve CodeRED legacy system, began with unauthorized access as early as October 31, 2025, followed by ransomware deployment on November 10, 2025. This attack encrypted certain servers and caused significant damage to the legacy environment, leading to a nationwide suspension of the old platform.
CodeRED, a third-party service utilized by numerous local governments for sending emergency alerts via phone, text, email, and other channels, conducted the investigation with its internal security teams and external cybersecurity experts. The probe identified a data transfer tool but found no conclusive evidence that any data was exfiltrated from the system.
The exposed information affected only a small percentage of users and was contained in two legacy data sets:
- The first included usernames, phone numbers, and inactive passwords that had been deactivated and replaced during a 2015 platform migration.
- The second contained usernames paired with encrypted passwords that remain unreadable and unidentifiable, with no indication that the encryption keys were accessed.
CodeRED has explicitly stated that the exposed data did not encompass first or last names, addresses, or other personally identifiable sensitive details, nor did it include any currently active passwords.
In light of these findings, previous recommendations for residents to change passwords—issued out of caution following the initial disclosure—have been updated. No active passwords were compromised, reducing the immediate risk level. Residents are nonetheless urged to stay alert for phishing attempts or unsolicited requests for personal or financial information, a standard precaution amid any potential data exposure.
The legacy OnSolve CodeRED platform has been fully decommissioned. On January 6, 2026, the St. Mary’s County Commissioners approved the adoption of Regroup Mass Notification as the replacement system, based on evaluations and recommendations from the Departments of Emergency Services and Information Technology. Further details about the transition, enrollment processes, and features of the new platform are expected to be announced in the coming weeks.
This update underscores St. Mary’s County Government’s emphasis on transparency and community protection following the third-party breach, which remained isolated to CodeRED’s legacy systems and did not impact county-operated networks.
Residents seeking additional information or with concerns about emergency notifications can reach the Department of Emergency Services at EMA@stmaryscountymd.gov or by calling (301) 475-4200, extension 2125.