Notice Regarding CodeRED Cyber Incident

We wish to share with you that Loyalist Township has been notified by OnSolve, the provider of our critical notification system, of a recent cybersecurity incident which damaged the OnSolve CodeRED environment in a targeted attack by an organized cybercriminal group. This has resulted in a privacy breach which may affect you. Loyalist Township was informed of the breach on November 26, 2025.

Loyalist Township uses the CodeRED platform to send notifications for critical emergency, ferry service and non-emergency to registered subscribers via email, text and phone-based alerts.

What happened?

An organized cybercriminal group has claimed responsibility for the attack affecting the OnSolve CodeRED platform. OnSolve informed the Township that data potentially associated with the OnSolve CodeRED platform subscribers may be used in an unauthorized manner by this cybercriminal group. OnSolve’s forensic analysis indicates that this is an incident strictly contained within the OnSolve CodeRED environment with no contagion beyond. This does not impact any of the Township’s systems outside of emergency alerts. Investigation is ongoing.

For more information, you can read the notice posted on the OnSolve website.

How are you affected?

OnSolve’s investigation suggests that the affected personal information may depend on your method of enrollment:

• Ferry notification users – If you registered to use CodeRED specifically for ferry service notifications via a form on the Township website, your name, address, email and phone number may have been accessed.
• If you registered for CodeRED via a community enrollment form and created a password for your account, your name, address, email, phone number and the password you created to enroll may have been accessed.

What can you do?

If you have used the same password for CodeRED that you use for any other personal or business accounts, those passwords should be changed immediately.
Since names, email addresses, phone numbers were included, we encourage you to remain vigilant for credible-looking phishing attempts or spam.

Our response

OnSolve promptly took steps to secure its systems, launched an investigation, and engaged external cybersecurity experts to assist. The provider decommissioned the OnSolve CodeRED platform. Our provider assures us that the new CodeRED platform resides on a non-compromised, separate environment and that they completed a comprehensive security audit and engaged external experts for additional penetration testing and hardening.

The Township has:

• notified the affected individuals of the breach;
• reported this incident to the Information and Privacy Commissioner of Ontario;
• followed its newly established Privacy Breach Procedure in our commitment to the highest standards of privacy relating to the dissemination of personal information;
• continued discussions with our provider to stay up to date with the ongoing investigation.

We apologize for the unintended breach of your personal information, and any stress it may have caused. You have a right to make a formal complaint to the Information and Privacy Commissioner of Ontario by contacting 1-800-387-0073 or info@ipc.on.ca

If you require further information or have additional questions, please contact:

Trevor Cornelius, Corporate Communications Manager at tcornelius@loyalist.ca or Anne Kantharajah, Clerk at clerk@loyalist.ca 613-386-7351, ext. 113 or 121.