Summit Insurance Data Breach Notification

March X, 2026Dear < > < > < > < >:Summit Insurance Services, Inc. (“Summit”) experienced a data incident which may have affected yourpersonal information. Based on our current review, we have no indication that your personal informationhas been or will be used inappropriately, but we wanted to make you aware of the incident, the measureswe have taken in response, and to provide details on the steps you can take to help protect yourinformation. We take the protection and proper use of your information seriously and are working toprevent a similar incident from occurring again in the future. < >Summit experienced a data security incident on December 2, 2024. We promptly launched aninvestigation, engaged a national cybersecurity firm to assist in assessing the scope of the incident andtook steps to mitigate the potential impact to our community. A third-party forensic investigationdetermined the incident occurred between September 18, 2024, and December 2, 2024. < >Summit Insurance Services, Inc.Following a diligent review of the data potentially impacted, we determined the elements of personalinformation that may have been included therein may have included, and potentially were not limited to,your: < >. Please note that we have no evidence at this time that any of yourpersonal information has been or will be misused as a result of the incident.Upon discovering the incident, we promptly launched an investigation and engaged a nationalcybersecurity firm to assist in assessing the scope of the incident and notified law enforcement.Unfortunately, these types of incidents are becoming increasingly common and organizations with someof the most sophisticated IT infrastructure available continue to be affected. As part of our ongoingcommitment to the security of information, we are evaluating opportunities to further secure our systemsto prevent a similar event from occurring again in the future. Additionally, out of an abundance of caution, we have arranged for you to activate, at no cost to you,Notice of Data < >TransUnion credit monitoring, as well as receive a TransUnion credit report and credit score services atno charge. These services provide you with alerts for < > months from the date ofenrollment when changes occur to your credit file. With this service, notification will be sent to you thesame day that a change or update takes place with the bureau. Finally, we are providing you with proactiveWhat Happenedfraud assistance to help with any questions that you might have or in event that you become a victim offraud. These services will be provided by Cyberscout, a TransUnion company specializing in fraudassistance and remediation services. To enroll in the complimentary services we are offering you, please visithttps://bfs.cyberscout.com/activate and follow the instructions provided. When prompted pleaseWhat Information Was Involvedprovide the following unique code to receive services: < >. In order for you to receive themonitoring services described above, you must enroll within ninety (90) days from the date of this letter.Please note that to activate monitoring services, you will need an internet connection and e-mail account.Additionally, you may be required to provide your name, date of birth, and Social Security number toconfirm your identity. Due to privacy laws, we cannot register you directly. Please note that the certainservices might not be available for individuals who do not have a credit file with the credit bureaus or anWhat We Are Doingaddress in the United States (or its territories) and a valid Social Security number. Activating this servicewill not affect your credit score.At this time, we are not aware of anyone experiencing fraud as a result of this incident. As data incidentsare increasingly common, we encourage you to always remain vigilant, monitor your accounts, andimmediately report any suspicious activity or suspected misuse of your personal information.Additionally, we recommend that you review the following pages, which contain important additionalinformation about steps you can take to safeguard your personal information, such as the implementationof an Identity Protection PIN (IP PIN) with the IRS, fraud alerts, and security freezes.Please know that the protection of your personal information is a top priority, and we understand theinconvenience and concern this incident may cause. Representatives can be reached at 1-800-405-6108between the hours of 8:00 a.m. to 8:00 p.m. Eastern time, Monday through Friday, excluding US holidays,and are available for ninety (90) days from the date of this letter to assist you with questions regardingthis incident.Sincerely, Summit Insurance Services, Inc.610 West Broadway, Suite 107Jackson, Wyoming 83001What You Can Doc/o Cyberscout, < > < > < > < >For More Information < >< >< >, < > < >Via First-Class MailFraud Alerts: You can place fraud alerts with the three credit bureaus by phone and online with Equifax(https://assets.equifax.com/assets/personal/Fraud_Alert_Request_Form.pdf); TransUnion(https://www.transunion.com/fraud-alerts); or Experian (https://www.experian.com/fraud/center.html). A fraudalert tells creditors to follow certain procedures, including contacting you, before they open any new accounts orchange your existing accounts. For that reason, placing a fraud alert can protect you, but also may delay you whenyou seek to obtain credit. As of September 21, 2018, initial fraud alerts last for one year. Victims of identity theftcan also get an extended fraud alert for seven years. The phone numbers for all three credit bureaus are at the bottomof this page. Monitoring: You should always remain vigilant and monitor your accounts for suspicious or unusual activity.Security Freeze: You also have the right to place a security freeze on your credit report. A security freeze isintended to prevent credit, loans, and services from being approved in your name without your consent. To place asecurity freeze on your credit report, you need to make a request to each consumer reporting agency. You maymake that request by certified mail, overnight mail, regular stamped mail, or by following the instructions found atthe websites listed below. The following information must be included when requesting a security freeze (note thatif you are requesting a credit report for your spouse or a minor under the age of 16, this information must beprovided for him/her as well): (1) full name, with middle initial and any suffixes; (2) Social Security number; (3)date of birth; (4) current address and any previous addresses for the past five years; and (5) any applicable incidentreport or complaint with a law enforcement agency or the Registry of Motor Vehicles. The request must also includea copy of a government-issued identification card and a copy of a recent utility bill or bank or insurance statement.It is essential that each copy be legible, display your name and current mailing address, and the date of issue. As ofSeptember 21, 2018, it is free to place, lift, or remove a security freeze. You may also place a security freeze forchildren under the age of 16. You may obtain a free security freeze by contacting any one or more of the followingnational consumer reporting agencies:More information can also be obtained by contacting the Federal Trade Commission listed above.Additional Important InformationTo help protect against a fraudulent tax return being filed under your name, we recommend Implementing anFor residents of all states:Identity Protection PIN (IP PIN) with the IRS. An IP PIN is a six-digit number that prevents someone else fromfiling a tax return using your Social Security number or Individual Taxpayer Identification Number. The IP PIN isknown only to you and the IRS. It helps the IRS verify your identity when you file your electronic or paper taxreturn. Even though you may not have a filing requirement, an IP PIN still protects your account.If you don't already have an IP PIN, you may get an IP PIN as a proactive step to protect yourself from tax-relatedidentity theft. If you want to request an IP PIN, please note: you must pass an identity verification process; andSpouses and dependents are eligible for an IP PIN if they can pass the identity verification process. The fastest wayto receive an IP PIN is by using the online Get an IP PIN tool found at: https://www.irs.gov/identity-theft-fraud-scams/get-an-identity-protection-pin. If you wish to get an IP PIN and you don’t already have an account onIRS.gov, you must register to validate your identity. Some items to consider when obtaining an IP PIN with the IRS: •An IP PIN is valid for one calendar year.•A new IP PIN is generated each year for your account.•Logging back into the Get an IP PIN tool, will display your current IP PIN.•An IP PIN must be used when filing any federal tax returns during the year including prior year returns. For residents of Hawaii, Michigan, Missouri, North Carolina, Vermont, Virginia, and Wyoming: It isrecommended by state law that you remain vigilant for incidents of fraud and identity theft by reviewingP.O. Box 105788 P.O. Box 9554 P.O. Box 160 credit card account statements and monitoring your credit report for unauthorized activity.Atlanta, GA 30348 Allen, TX 75013 Woodlyn, PA 19094 equifax.com/personal/credit-experian.com/freeze/center.html transunion.com/credit-freeze report-services/ 1-888-397-3742 1-888-909-8872 1-800-349-9960 It is required by state laws to inform you that you may obtain a copy of your credit report, free of charge,whether or not you suspect any unauthorized activity on your account. You may obtain a free copy ofyour credit report from each of the three nationwide credit reporting agencies. To order your free creditreport, please visit www.annualcreditreport.com, or call toll-free at 1-877-322-8228. You can also order yourannual free credit report by mailing a completed Annual Credit Report Request Form (available athttps://www.consumer.ftc.gov/articles/0155-free-credit-reports) to: Annual Credit Report Request Service, P.O.Box 105281, Atlanta, GA, 30348-5281.Implementing an Identity Protection PIN (IP PIN) with the IRS:For residents of Vermont: If you do not have internet access but would like to learn more about how to place asecurity freeze on your credit report, contact the Vermont Attorney General’s Office at 802-656-3183 (800-649-2424 toll free in Vermont only).For residents of New Mexico: Individuals interacting with credit reporting agencies have rights under the FairCredit Reporting Act. We encourage you to review your rights under the Fair Credit Reporting Act by visitinghttps://files.consumerfinance.gov/f/documents/bcfpconsumer-rights-summary2018-09.pdf, or by requestinginformation in writing from the Consumer Financial Protection Bureau, 1700 G Street N.W., Washington, DC20552.For Residents of Washington, D.C.: You can obtain information about steps to take to avoid identity theft fromthe Office of the Attorney General for the District of Columbia at: 441 4th Street, NW, Washington, DC 20001;202-727-3400; www.oag.dc.gov.For residents of Iowa: State law advises you to report any suspected identity theft to law enforcement orto the Attorney General.For residents of Oregon: State laws advise you to report any suspected identity theft to law enforcement,including the Attorney General, and the Federal Trade Commission.For residents of Maryland, Rhode Island, Illinois, New York, and North Carolina: You can obtain informationfrom the Maryland and North Carolina Offices of the Attorney General and the Federal TradeCommission about fraud alerts, security freezes, and steps you can take toward preventing identity theft.Equifax Security Freeze Experian Security Freeze TransUnion Security Freeze Maryland Office of the Attorney General Consumer Protection Division, 200 St. Paul Place, Baltimore, MD21202 1-888-743-0023 www.oag.state.md.usRhode Island Office of the Attorney General Consumer Protection, 150 South Main Street, Providence, RI 029031-401-274-4400 www.riag.ri.gov North Carolina Office of the Attorney General Consumer Protection Division, 9001 Mail Service Center,Raleigh, NC 27699-9001 1-877-566-7226 www.ncdoj.govFederal Trade Commission Consumer Response Center, 600 Pennsylvania Ave, NW Washington, DC20580 1-877-IDTHEFT (438-4338) www.ftc.gov/idtheftFor residents of Illinois, Iowa, Maryland, Missouri, North Carolina, Oregon, and West Virginia:New York Office of Attorney General Consumer Frauds & Protection, The Capitol, Albany, NY 12224 1-800-771-7755 https://ag.ny.gov/consumer-frauds/identity-theftFor residents of Massachusetts and Rhode Island: It is required by state law that you are informed of your right toobtain a police report if you are a victim of identity theft.