Will Palantir step into the void left by Colorado dismissing CodeRed as their emergency alert vendor?
The breach exposed names, emails, phone numbers, and even passwords of alert subscribers. Weld County, notably, didn’t receive full breach details until nearly two weeks later. That delay? It’s now part of a broader reckoning with vendor accountability.
CodeRED, Crisis24, and Colorado’s Data Wake-Up Call
When Colorado’s emergency alert system went dark in early November, the disruption wasn’t just technical—it was systemic. The CodeRED platform, operated by OnSolve and Crisis24, was hit by a targeted cyberattack that exposed thousands of residents’ personal data. Counties scrambled to notify people using social media, door-to-door outreach, and FEMA backups. But as contracts are reevaluated and replacements considered, one name keeps surfacing: Palantir Technologies.
What Happened—and Why It Matters
The breach affected dozens of jurisdictions, including Douglas, Weld, Aurora, and Park counties. Subscriber data—names, emails, phone numbers, even passwords—was compromised. Weld County didn’t receive full breach details until nearly two weeks after the initial shutdown.
Crisis24, the vendor behind CodeRED, is owned by GardaWorld, a global private security firm. And while some counties are switching to platforms like RAVE Alert, others are sticking with Crisis24’s rebuilt system. But behind the scenes, a deeper infrastructure shift is underway.
Palantir’s Colorado Footprint: Bigger Than You Think
Palantir Technologies, headquartered in Denver since 2020, is already embedded in Colorado’s state systems. Its Foundry platform powers data integration and predictive analytics across multiple agencies:
- Department of Human Services (CDHS): Foundry supports Colorado’s Benefits Management System (CBMS), which handles Medicaid, SNAP, and child welfare data. Palantir’s tools help track service delivery, identify fraud patterns, and flag high-risk cases.
- Department of Public Health & Environment (CDPHE): During COVID-19, Palantir ran the backbone of Colorado’s contact-tracing and pandemic dashboard. That infrastructure remains active in modified form, supporting disease surveillance and public health analytics.
- Governor’s Office of Information Technology (OIT): Palantir is integrated into cross-agency data fusion efforts, including strategic planning, emergency response modeling, and AI-enhanced decision support. While not publicly disclosed in full, Foundry’s presence is confirmed in procurement records and internal briefings.
Why This Matters for Emergency Alerts
If Palantir expands into mass notification or public alerting, it could fuse opt-in emergency data (your phone number, address, alert preferences) with:
- DMV records and license-plate reader data
- Social services and benefits history
- Protest permit databases and law enforcement watchlists
This isn’t hypothetical. Palantir’s predictive policing tools were used by Denver PD until 2020, and its ICE contracts have powered real-time migrant tracking and family separation operations.
What to Watch For
Palantir is not replacing CodeRED directly—but it’s perfectly positioned to bid on future crisis-response platforms. Here’s what Coloradans should monitor:
- New statewide “data fusion” or “master database” RFPs from OIT or the Governor’s office
- Expansion of Palantir tools inside CDPHE, CDHS, or the Colorado Information Analysis Center (CIAC)
- Legislative attempts to weaken SB21-169 (Colorado’s AI and privacy law)
Bottom Line
The CodeRED breach exposed more than passwords—it revealed how fragile and opaque our civic tech systems can be. Palantir’s growing role in Colorado’s data infrastructure demands scrutiny, transparency, and public debate. As we rebuild trust in emergency alerts, we must ask: Who controls the platforms we rely on—and what do they do with our data?
Listen to the Audio Segment of this article
