BELMONT COUNTY, Ohio – Nearly 11,000 Belmont County residents may have had their personal data and passwords stolen and leaked online by hackers in a “targeted attack by an organized cybercriminal group” though the CodeRED emergency alert system used by the county, according to Crisis24, the company now in charge of the system. OnSolve was the name the company used prior to the hack.
Belmont County 911 Director Brian Minder told River News in an email Monday afternoon that approximately 10,800 contacts were in the county’s CodeRED system database before an outage caused by hackers disabled the system on Nov. 13, but said he does not know how many names, addresses, phone numbers, or emails were specifically stored since OnSolve maintained that data.
“We do not have access to each name, address, phone number or email. That information has never been provided to us for privacy reasons.”
Belmont County 911 Director Brian Minder
Minder provided River News with an email he received Monday from Grégoire Pinton
Managing Director, Integrated Risk Management at Crisis24 which urges those who signed up for emergency alerts through CodeRED to change their passwords since they were exposed in what he calls a “targeted attack by an organized cybercriminal group.”
Here is an excerpt from Pinton’s email to Belmont County 911:
“Dear Valued Customer,
Further to our previous communications, we’d like to provide you with an update regarding the cybersecurity incident which damaged the OnSolve Code RED environment in a targeted attack by an organized cybercriminal group…
We have learned that data associated with the legacy OnSolve Code RED platform was removed from our systems. While there is currently no indication that this data has been published online, we are proactively informing you that it may be leaked.
It appears that the impacted dataset may contain contact information of OnSolve CodeRED users: name, address, email address, phone numbers, and/or associated passwords used to create user profiles for alerts. If the same password is used by users for any other personal or business accounts, those passwords should be changed immediately.”
Grégoire Pinton, Managing Director, Integrated Risk Management at Crisis24
email to Brian Minder, Belmont County 911
In a statement to River News, Crisis24 said, “We confirm that data potentially associated with the legacy OnSolve CodeRED platform has been published online following a targeted attack by an organized cybercriminal group. The attack also resulted in damage to the OnSolve CodeRED environment. Current forensic analysis indicates that the incident was fully contained within that environment, with no contagion beyond.”
Crisis24 told customers that data from the legacy CodeRED platform was “removed from our systems” in a targeted cyberattack and may be leaked.
According to the company’s statement to Minder, the stolen data may include “name, address, email address, phone numbers, and/or associated passwords used to create user profiles for alerts.” Crisis24 warned that users who reuse passwords for other accounts should change them immediately.
Minder said he cannot confirm how many Belmont County residents were directly affected, but assumed it would correspond to the 10,800 contacts in the database.
The OnSolve/CodeRED system went down nationwide earlier in November due to a cyber attack. Minder told River News that Belmont County’s CodeRED service went offline on Thursday, Nov. 13, 2025. Minder did not notify the public or media of the outage until Wednesday, Nov. 19, 2025 after River News raised questions about the safety of Belmont County residents who were potentially left vulnerable without an emergency notification system.
Minder says the county now has access to its old CodeRED contact database again following the nationwide cybersecurity breach that disabled the emergency alert system. Minder said that the new Belmont County emergency alert system was functioning as of Monday afternoon and that staff was learning how to use it. He confirmed the county is now able to send emergency alerts again using restored data.
“We are learning how to use the new system now and are working to get all of our previous users back up and running. At this time, we have full use of the system for emergency purposes.”
Brian Minder, Belmont County 911 Director
However, according to Pinton, the new CodeRED by Crisis24 system is now active but operating with limited capabilities until full data restoration is complete.
Minder said Belmont County did not retain a backup copy of the data residents submitted when they signed up for the CodeRED emergency alert system and that all personal information held solely by CodeRED/OnSolve.
“No. We have never had access to the database for privacy reasons. The database was held, maintained and secured by On Solve. We were never privy to the contents.”
Brian Minder, Belmont County 911 Director
Crisis24 says its forensic analysis shows the breach was confined to the old CodeRED environment and that the platform has since been decommissioned. Backup data restored to counties is current only through March 31, 2025.
Minder added that neither the Ohio EMA, FEMA, nor any other state or federal agency has issued guidance on how counties should handle the outage or the possible data exposure.
“I have never received guidance from anyone,” Minder said, adding he knows of no state or federal protocol for emergency-alert system failures of this kind.
River News asked the Ohio Emergency Management Agency about the CodeRED outage and how counties should respond. Sandy Mackey of the Public Affairs Office of the Ohio Emergency Management Agency said “there are no laws pertaining to county emergency alert systems” and encouraged Ohioans to “have more than one way to receive emergency alerts and notifications so they are never without a way to get reliable, timely, and accurate information.”
When asked what recourse Belmont County residents have about their data being hacked in what Crisis24 calls a “targeted attack by an organized cybercriminal group” and whether they will be individually notified, or why no public notification has been issued, Minder said those questions must be directed to the Crisis24.
Follow River News online and on Facebook for updates to this developing story.
