Data Of Residents With Port Jeff Alerts May Have Been Compromised In 'Cybersecurity Incident': Village

PORT JEFFERSON, NY — Data associated with Port Jefferson Village residents who signed up for the Port Jeff Alert may have been compromised during a recent "cybersecurity incident," village officials said in an email on Monday.

Officials forwarded an email from the village's alert vendor, OnSolve/CodeRED, stating that the "cybersecurity incident" damaged the OnSolve/CodeRED "environment in a targeted attack by an organized cybercriminal group."

"Our forensic analysis continues to indicate that this is an incident strictly contained within the OnSolve/CodeRED environment with no contagion beyond," the statement read.

"We have learned that data associated with the legacy OnSolve/CodeRED platform was removed from our systems," the message stated. "While there is currently no indication that this data has been published online, we are proactively informing you that it may be leaked."

Patch has reached out to both village officials and the alert vendor for comment.

It went on to say that it appears the impacted dataset may contain contact information of OnSolve/CodeRED users, including their name, address, email address, phone numbers, and/or associated passwords used to create user profiles for alerts.

If the same password is used by users for any other personal or business accounts, those passwords should be changed immediately, according to the message.

The company has decommissioned the OnSolve CodeRED platform, and its workers have expedited a plan to make our new CodeRED by Crisis24 platform available to all customers, using backup data.

Due to damage to our OnSolve CodeRED platform, backup data is current as of March 31, 2025, the message stated.

"We have also completed a comprehensive security audit of CodeRED by Crisis24 and its infrastructure, as well as engaged external experts for additional penetration testing and hardening," the message continued.

The current CodeRED by Crisis24 platform will provide "only basic alert and notification capabilities using publicly available phone data," according to the message.

Limitations include the loss of IPAWs alerts, which are currently unavailable, as well as weather alerts, and the Shape file library, the message states.

"Unfortunately, we have all witnessed the rising cyberattacks affecting many businesses and organizations," the message said. "We sincerely regret that this event has occurred, and we remain committed to supporting you, our customers, and to restoring your previous alerting and public notification capabilities."

"We ask for your patience while our team diligently works to ensure prompt activation and data upload to your CodeRED by Crisis24 account," the message concludes. "We understand that your users may have questions. We have included some FAQs below to assist you."