With the aim of providing transparent information regarding the cyberattack that affected our company’s information systems, we are presenting the results of the conducted forensic investigation in order to provide you with a clear overview of the security incident and the measures we have taken.

On 16 February 2026, Petrokemija d.d. experienced a cyberattack on its IT system. Based on the available facts and the results of the completed independent forensic investigation, the primary objective of the attack was to disrupt the normal operation of the Company’s systems. The network was breached through a compromised user account, resulting in the encryption of data on virtual servers and the temporary disabling of authorized access to the IT infrastructure.

According to the results of the forensic investigation, there is no evidence indicating that any data was exfiltrated from the systems of Petrokemija d.d.

It is important to emphasize that the attacker is no longer present in the system and no traces have been found indicating any form of persistent access. All encrypted data has been successfully restored without the payment of any ransom.

We would like to emphasize that the production process is fully separated from the affected systems and that the incident did not impact production, product quality, or deliveries.

Given the importance of data protection and the thorough recovery of the IT infrastructure, the following security and technical measures have been implemented:

1. - isolation of affected network segments,
2. - resetting of all access credentials and implementation of enhanced security controls,
3. - engagement of a specialized forensic company and full restoration of all data from backups.

The incident has been reported to the Personal Data Protection Agency, the National Cybersecurity Center, and a criminal complaint has been filed with the competent police authority.

We would like to inform you that there is no available evidence that the attacker processed the data of our customers and business partners beyond encrypting it, i.e., by accessing, altering, or exporting it from the system. The encrypted data has been fully restored and is in normal use.

In light of this incident, and considering the importance of personal data protection, we kindly ask you to observe the following precautionary measures:

1. - exercise caution with unexpected emails, calls, or messages claiming to be from Petrokemija d.d., especially if they request confirmation of personal or financial data;
2. - regularly monitor your bank statements for any unusual transactions;
3. - if you have any doubts regarding the authenticity of any communication, please contact us through the official channels provided below.

Data Protection Officer:
VISION COMPLIANCE d.o.o.
E-mail: dijana@visioncompliance.eu

Thank you for your understanding and your continued cooperation.