Mt. Lebanon street during fall with trees with orange red and yellow leaves, leaves on the ground, three people walking on the sidewalk

What’s Trending

How Do I?

If you aren’t sure where to look for specific information on our website, please search here using keywords to learn anything from what day trash pick-up is, how to license your pet or plan a block party to how to volunteer in the community or start a business here.

CODERED by Crisis24
Return to Trending

Posted on: December 3, 2025

CodeRED Confirms Nationwide Cybersecurity Breach


UPDATED: Tuesday, December 23, 2025:

Update On OnSolve CodeRED Data Breach Investigation

The Municipality of Mt. Lebanon is providing an update to the community regarding OnSolve CodeRED’s data breach investigation. On December 22, 2025, we received the following information from CodeRED:

Based on the external forensic expert’s findings, we can report that the threat actor gained access to the OnSolve CodeRED IT environment as early as October 31, 2025, moved laterally across the environment, and deployed INC Ransomware to the environment on November 10, 2025, encrypting various servers. The data exfiltration tool, rclone, was discovered on one server, but the forensic expert did not identify any evidence on the server confirming that data was exfiltrated.

Additional investigation shows that the threat actor exposed some limited subscriber information impacting a small percentage of subscribers in two data sets. The first contains usernames, phone numbers and inactive, outdated passwords that were deactivated and changed in 2015 during a platform migration. The second contains usernames with encrypted passwords. These passwords are not readable or identifiable, and we have no evidence that any encryption keys for these passwords were accessed.

Although we previously suggested, in an abundance of caution, that users who may have reused their OnSolve CodeRED password for other personal or business accounts change those passwords, the above-mentioned exposed data sets do not include any active passwords and instead only include deactivated passwords used before 2015. Importantly, the data sets mentioned above do not contain first or last names, addresses or other personal or sensitive information.”

Although CodeRED confirmed that the affected data only involved deactivated passwords and no other personal information, we encourage all CodeRED users to remain vigilant about privacy and security practices. Please consider regularly changing your passwords and contacting credit bureaus to verify that your personal identifying information has not been compromised.

The Municipality of Mt. Lebanon was among hundreds of agencies impacted by this nationwide cybersecurity incident.

Thank you again for your patience and understanding. If you have any concerns or questions regarding this incident, please contact CodeRED directly at .

The Municipality of Mt. Lebanon is notifying the community of a nationwide cyberattack targeting the OnSolve CodeRED emergency notification system cloud-based database.

According to OnSolve, the vendor, community members and residents who are signed up for CodeRed notifications via the LeboEmergency service are highly encouraged to change/update their passwords for other personal or business accounts if they used the same password as they did to make the emergency notification system account.

According to OnSolve, an organized cybercriminal group has claimed responsibility for this attack on the CodeRED platform. OnSolve believes that data associated with the platform was removed from their systems and the data appears to have been published online.

It appears that the impacted dataset may contain contact information of OnSolve CodeRED users, including: name, address, email address, phone numbers, and/or associated passwords used to create user profiles for alerts. If you have used the same password for any other personal or business accounts, you should immediately change those passwords. CodeRED has decommissioned the breached platform and is moving all customers to the new CodeRED by Crisis24 system, which was not impacted by the attack and has undergone additional security testing.

The CodeRED emergency notification system is a voluntary program where residents can sign up to receive emergency alerts affecting the municipality, such as active shooter, chemical leak, train derailment or missing at-risk persons.

CodeRED is NOT related to the Emergency Alert System (EAS), which is the federal government-managed emergency notifications system. It should also not be confused with LeboALERT, Mt. Lebanon’s non-emergency, opt-in database used for updates such as road closures, community events, trash collection delays and similar information.

Updates will be posted as they become available. Thank you for your patience and understanding.


A police officer in uniform sits and a table and talks with a woman

Coffee with a Cop

Picture of the Mt. Lebanon Municipal Building against a blue sky

News FLASH -- Quick items you need to know
Male runner in a white tank top crosses the finish line in a race

Road closures for Martha's Run April 11
Orange road construction signs

Where is the road work?
Red, white and blue buttons that say

Election information
the words

Join us for Memorial Day 2026 in Mt. Lebanon
Seven Ten newsletter text over black and white photo of a main street business district

Seven Ten newsletter
covers of Mt. Lebanon Magazine

Mt. Lebanon Magazine has the latest news!
Woman using a smartphone with the word

2026 Budget Information
CODERED by Crisis24

CodeRED Confirms Nationwide Cybersecurity Breach

Check out what’s

Trending

A police officer in uniform sits and a table and talks with a woman

Coffee with a Cop

Visit
People running on a rack with race bibs
People gathered on the grass for a picnic, an outside view
People sitting outside eating under large umbrellas on a patio
Girls in Lebo jerseys playing soccer on a field