Dear customers and business partners,

We hereby inform you of a cybersecurity incident that affected the information systems of Petrokemija d.d. on 16 February 2026.

What happened?

On 16 February 2026, unauthorized access was gained to a portion of our IT infrastructure, during which the attackers encrypted the Company’s virtual servers (a so-called ransomware attack).

The incident was detected on the same day, after which immediate measures were taken to contain the impact and initiate an investigation in cooperation with external cybersecurity experts.

Based on the preliminary results of the analysis conducted so far, we have no confirmation that unauthorized acquisition (exfiltration) of customer or business partner data has occurred. However, given the nature of the incident, the possibility of such risk cannot be fully excluded at this time until the ongoing forensic analysis is completed.

We would like to emphasize that the production process is fully segregated from the affected part of the IT systems. The security incident is limited to the administrative segment of the infrastructure and does not in any way affect production, product quality, or deliveries.

What measures have we taken?

In cooperation with external cybersecurity experts, we have implemented a number of urgent and additional protective measures:

1. - Isolation of affected systems and establishment of a secure network environment
2. - Disabling external network access and resetting access credentials
3. - Engagement of specialized forensic analysis experts
4. - Restoration of data from backup copies
5.  - Notification to the competent authorities, including the Croatian Personal Data Protection Agency (AZOP), the National Cyber Security Center (NCSC-HR), and the competent police authority
6. - Implementation of additional security measures, including stricter password requirements and  enhanced system monitoring

Data Protection Officer

Petrokemija d.d. has appointed an external Data Protection Officer (DPO) who is monitoring this incident and coordinating all activities related to data protection.

For any questions regarding the protection of your data, you may contact:

Dijana Kladar, Attorney-at-law

Vision Compliance d.o.o.

Mobile: +385 99 759 6690

E-mail: dijana@visioncompliance.eu

 What can you do?

Although based on currently available information we have no confirmation of data misuse, we recommend the following precautionary measures:

1. Be cautious with unexpected contacts – If you receive unusual emails, calls, or messages from persons claiming to represent Petrokemija d.d. or its partners, especially if they request personal or financial information, please do not respond without verifying their authenticity.

2. Monitor your bank accounts – Regularly review your account statements and transaction notifications and pay attention to any unusual activity.

3. Verify the authenticity of communications – If you have any doubts regarding the authenticity of communications allegedly coming from Petrokemija d.d., please contact us directly through the official communication channels listed in this notice.

4. Report suspicious activities – If you notice any suspicious activity related to the data you have entrusted to us, please inform us immediately through the Data Protection Officer.

Petrokemija d.d. continues to cooperate intensively with the competent authorities and cybersecurity experts and will, in accordance with established findings, timely inform all relevant stakeholders of any new developments.

The security of our customers and business partners data remains our ongoing priority.

Thank you for your understanding and continued trust.

Yours sincerely,

                                                  Management Board