Bolt Solutions Data Breach Notification Affects 140,249 Washington Residents

Todd M. Rowe, Partner Cybersecurity & Data Privacy Team 20 North Wacker, Suite 4120 Chicago, IL 60606 trowe@constangy.com

VIA ONLINE SUBMISSION

Attorney General Nick Brown Office of the Attorney General Consumer Protection Division 1125 Washington Street SE P.O. Box 40100 Olympia, WA 98504-0100 Re: Notice of Data Security Incident Dear Attorney General Brown: Constangy, Brooks, Smith and Prophete LLP ("Constangy") represents Bolt Solutions Inc. ("bolt") in connection with an incident described in greater detail below. The purpose of this letter is to notify you that this incident involved certain information of 140,249 Washington residents. This notice may be supplemented with any new significant facts learned subsequent to its submission. bolt hereby reserves all rights and defenses in connection herewith. 1. Nature of Incident bolt obtained certain residents' information through its role as a service provider involved in the insurance industry. On January 5, 2026, bolt became aware of a cyber incident. In response, bolt engaged independent cybersecurity experts to assist with an investigation regarding the incident. The investigation determined that an unauthorized party accessed parts of bolt's network and acquired certain files on December 29-30,

1. bolt undertook a comprehensive review of those files and learned that they included residents' information. Please note that bolt has no evidence that information was used to commit identity theft or fraud. The information included the residents' names along with their address and date of birth. It also might have included quote and/or policy numbers and insurer name for certain residential property insurance sought or obtained. 2. Number of Washington residents affected

bolt notified 140,249 Washington residents of the incident via first class U.S. mail on February 26, 2026. A sample copy of the notification letter is included with this correspondence. 3. Steps taken relating to the incident

In response to the incident, bolt retained cybersecurity experts and launched a forensics investigation to determine the source and scope of the compromise. bolt implemented additional security measures to further harden its environment in an effort to prevent a similar event from occurring in the future. bolt is notifying the relevant individuals and providing resources and steps individuals can take to help

773.558.2363

Constangy, Brooks, Smith & Prophete, LLP

protect their information. In addition, bolt is offering relevant individuals complimentary credit monitoring and identity protection services through IDX, a data breach and recovery services expert. IDX identity protection services include: 12 months of credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed identity theft recovery services. IDX will also support a call center for at least 90 days to answer incident related questions. 4. Contact information bolt takes the privacy and security of all information in its possession very seriously. If you have any questions or need additional information, please do not hesitate to contact me at 773.558.2363 or trowe@constangy.com. Sincerely yours, [Draft] Todd M. Rowe of CONSTANGY, BROOKS, SMITH & Encl.: Sample Consumer Notification Letter

Page PROPHETE LLP

RecordIndicator120001 #MqAD9V"E+a+

GJQrze58oV a!aa!!!!a!a!!!a!

120001

Enrollment Code: To Enroll, Scan the QR Code Below:

Āæ׫ÚÇ¡ÎþÏÛ« Ā¨¼ÃØÒÐÀÌÛøµôðÒÖ ù¹Éɹ¹ùÉÉ©©Ù©Ù©©©

396_120001

Or Visit: https://response.idx.us/BoltSolutions

AADADAADAFFDFADDTAAFTA

Subject: Notice of Data Security Incident Dear : We are writing to inform you of a recent data security incident that involved your personal information. Please know that Bolt Solutions Inc. ("bolt") takes all privacy and security matters very seriously and asks that you read this letter carefully as it contains information regarding the incident and steps that you can take to help protect your personal information.

What Happened. bolt obtained certain information about you through its role as a service provider involved in the

insurance industry. On January 5, 2026, bolt became aware of a cyber incident. bolt engaged independent cybersecurity experts to assist with an investigation regarding the incident. The investigation determined that an unauthorized party accessed parts of bolt's network and acquired certain files on December 29-30, 2025. bolt undertook a comprehensive review of those files and learned that they included some of your personal information, which is the reason for this notification. Please note that bolt has no evidence that information about you was used to commit identity theft or fraud. . The information included your name, address and date of birth. It also might haveWhat Information Was Involved included quote and/or policy numbers and insurer name for certain residential property insurance that you sought or obtained. As soon as bolt discovered this incident, bolt took the steps described above and implementedWhat We Are Doing. measures to enhance security and minimize the risk of a similar incident occurring in the future. bolt is also offering you complimentary identity protection services through IDX, a leader in consumer identity protection. These services include 12 months of credit monitoring, dark web monitoring , a $1 million identity fraud loss reimbursement policy, 1 and fully managed identity theft recovery services. To enroll, please call , go to , or scan the QR image and use the Enrollment Code provided above. The deadline to enroll in these services is May 26, 2026 .

What You Can Do. You can follow the recommendations on the following page to help protect your personal

information. You can also enroll in the complementary services offered to you through IDX, by using the enrollment code provided above.

P.O. Box 989728 To receive credit monitoring services, you must be over the age of 18 and have established credit in the U.S., have a Social West Sacramento, CA 95798-9728Security number in your name, and have a U.S. residential address associated with your credit file.

For More Information. Further information about how to protect your personal information appears on the following

page. If you have questions or need assistance, please call , Monday through Friday from 9 am - 9 pm Eastern Time, except on U.S. holidays. We take your trust in us and this matter very seriously. Please accept our sincere apologies for any worry or inconvenience this may cause.

Sincerely, Bolt Solutions , Inc.

/EqADF2B7e+ wIORu=$~c-V a!a!!!!!a!a!!!a!

120001Steps You Can Take to Help Protect Your Personal Information

Review Your Account Statements and Notify Law Enforcement of Suspicious Activity: As a precautionary

measure, we recommend that you remain vigilant by reviewing your account statements and credit reports closely. If you detect any suspicious activity on an account, you should promptly notify the financial institution or company with which the account is maintained. You also should promptly report any fraudulent activity or any suspected incidence of identity theft to proper law enforcement authorities, your state attorney general, and/or the Federal Trade Commission (the "FTC").

Copy of Credit Report: You may obtain a free copy of your credit report from each of the three major credit reporting

agencies once every 12 months by visiting www.annualcreditreport.com, calling toll-free 1-877-322-8228, or by completing an Annual Credit Report Request Form and mailing it to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348. You also can contact one of the following three national credit reporting agencies:

Equifax Experian TransUnion

P.O. Box 105851 P.O. Box 9532 P.O. Box 2000 Atlanta, GA 30348 Allen, TX 75013 Chester, PA 19016 1-800-525-6285 1-888-397-3742 1-800-916-8800 www.equifax.com www.experian.com www.transunion.com

Fraud Alert: You may want to consider placing a fraud alert on your credit report. An initial fraud alert is free and will

stay on your credit file for at least one year. The alert informs creditors of possible fraudulent activity within your report and requests that the creditor contact you prior to establishing any accounts in your name. To place a fraud alert on your credit report, contact any of the three credit reporting agencies identified above. Additional information is available at www.annualcreditreport.com.

Security Freeze: You have the right to put a security freeze on your credit file for up to one year at no cost. This will

prevent new credit from being opened in your name without the use of a PIN number that is issued to you when you initiate the freeze. A security freeze is designed to prevent potential creditors from accessing your credit report without your consent. As a result, using a security freeze may interfere with or delay your ability to obtain credit. You must separately place a security freeze on your credit file with each credit reporting agency. In order to place a security freeze, you may be required to provide the consumer reporting agency with information that identifies you including your full name, Social Security number, date of birth, current and previous addresses, a copy of your state-issued identification card, and a recent utility bill, bank statement or insurance statement.

Additional Free Resources: You can obtain information from the consumer reporting agencies, the FTC, or from your

respective state Attorney General about fraud alerts, security freezes, and steps you can take toward preventing identity theft. You may report suspected identity theft to local law enforcement, including to the FTC or to the Attorney General in your state.

Federal Trade Commission

600 Pennsylvania Ave, NW Washington, DC 20580 www.consumer.ftc.gov 877-438-4338

You also have certain rights under the Fair Credit Reporting Act (FCRA): These rights include to know what is in

your file; to dispute incomplete or inaccurate information; to have consumer reporting agencies correct or delete inaccurate, incomplete, or unverifiable information; as well as other rights. For more information about the FCRA, and your rights pursuant to the FCRA, please visit www.consumer.ftc.gov/sites/default/files/articles/pdf/pdf-0096-fair-credit-reporting-act.pdf.