Mark Leyden & Associates Data Breach Notification

P.O. Box 989728 West Sacramento, CA 95798-9728 < > < > < > < > < >, < > < > March 20, 2026 Dear < >: Mark Leyden & Associates, LLC recognizes the importance of protecting the personal information we maintain. We are writing to inform you of a security incident that involved some of your information, including your name < >. This letter explains the measures we have taken and some steps you may consider taking in response. We are notifying you about this incident to let you know what happened and that we take this very seriously. We arranged for you to receive a complimentary two-year membership of credit monitoring and identity theft protection services by IDX. These services are completely free to you and enrolling will not hurt your credit score. For more information on identity theft prevention, additional steps you can take in response to this incident, and instructions on how to activate your complimentary, two-year membership, please see the pages that follow this letter. We sincerely regret that this incident occurred and any inconvenience it may have caused. If you have any questions, please call us at 1-833-788-9712, Monday through Friday, between 8 a.m. and 8 p.m., Central Time. Sincerely, Mark Leyden & Associates

Enrollment Code: < >

Enrollment Deadline: June 20, 2026 To Enroll, Scan the QR Code Below:

Or Visit: https://app.idx.us/account-creation/protect

ADDITIONAL STEPS YOU CAN TAKE

We remind you it is always advisable to be vigilant for incidents of fraud or identity theft by reviewing your account statements and free credit reports for any unauthorized activity. You may obtain a copy of your credit report, free of charge, once every 12 months from each of the three nationwide credit reporting companies. To order your annual free credit report, please visit www.annualcreditreport.com or call toll free at 1-877-322-8228. Contact information for the three nationwide credit reporting companies is as follows: • Equifax, PO Box 740241, Atlanta, GA 30374, www.equifax.com, 1-888-378-4329

• Experian, PO Box 2002, Allen, TX 75013, www.experian.com, 1-888-397-3742
• TransUnion, PO Box 2000, Chester, PA 19016, www.transunion.com, 1-833-799-5355 If you believe you are the victim of identity theft or have reason to believe your personal information has been misused,

you should immediately contact the Federal Trade Commission and/or the Attorney General’s office in your state. You

can obtain information from these sources about steps an individual can take to avoid identity theft as well as information about fraud alerts and security freezes. You should also contact your local law enforcement authorities and file a police report. Obtain a copy of the police report in case you are asked to provide copies to creditors to correct your records. Contact information for the Federal Trade Commission is as follows: • Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue NW, Washington,

DC 20580, 1-877-IDTHEFT (438-4338), www.identitytheft.gov Under Massachusetts law, you have the right to file and obtain a copy of a police report. You also have the right to request a security freeze, as described above. You may contact and obtain information from your state attorney general at: Office

of the Massachusetts Attorney General, One Ashburton Place, Boston, MA 02108, 1-617-727- 8400, www.mass.gov/ago/contact-us.html

Fraud Alerts and Credit or Security Freezes:

Fraud Alerts: There are two types of general fraud alerts you can place on your credit report to put your creditors on

notice that you may be a victim of fraud—an initial alert and an extended alert. You may ask that an initial fraud alert be placed on your credit report if you suspect you have been, or are about to be, a victim of identity theft. An initial fraud alert stays on your credit report for one year. You may have an extended alert placed on your credit report if you have already been a victim of identity theft with the appropriate documentary proof. An extended fraud alert stays on your credit report for seven years. To place a fraud alert on your credit reports, contact one of the nationwide credit bureaus. A fraud alert is free. The credit bureau you contact must tell the other two, and all three will place an alert on their versions of your report. For those in the military who want to protect their credit while deployed, an Active Duty Military Fraud Alert lasts for one year and can be renewed for the length of your deployment. The credit bureaus will also take you off their marketing lists for pre-screened credit card offers for two years, unless you ask them not to.

IRS Identity Protection PIN: You can obtain an identity protection PIN (IP PIN) from the IRS that prevents someone

else from filing a tax return using your Social Security number. The IP PIN is known only to you and the IRS and helps the IRS verify your identity when you file your electronic or paper tax return. You can learn more and obtain your IP PIN here: https://www.irs.gov/identity-theft-fraud-scams/get-an-identity-protection-pin.

Credit or Security Freezes: You have the right to put a credit freeze, also known as a security freeze, on your credit file, free of charge, which makes it more difficult for identity thieves to open new accounts in your name. That’s because most

creditors need to see your credit report before they approve a new account. If they can’t see your report, they may not extend the credit. How do I place a freeze on my credit reports? There is no fee to place or lift a security freeze. Unlike a fraud alert, you

must separately place a security freeze on your credit file at each credit reporting company. For information and instructions to place a security freeze, contact each of the credit reporting agencies at the addresses below:

• Experian Security Freeze, PO Box 9554, Allen, TX 75013, www.experian.com
• TransUnion Security Freeze, PO Box 2000, Chester, PA 19016, www.transunion.com
• Equifax Security Freeze, PO Box 105788, Atlanta, GA 30348, www.equifax.com You'll need to supply your name, address, date of birth, Social Security number and other personal information. After receiving your freeze request, each credit bureau will provide you with a unique PIN (personal identification number) or password. Keep the PIN or password in a safe place. You will need it if you choose to lift the freeze. How do I lift a freeze? A freeze remains in place until you ask the credit bureau to temporarily lift it or remove it altogether.

If the request is made online or by phone, a credit bureau must lift a freeze within one hour. If the request is made by mail, then the bureau must lift the freeze no later than three business days after getting your request. If you opt for a temporary lift because you are applying for credit or a job, and you can find out which credit bureau the business will contact for your file, you can save some time by lifting the freeze only at that particular credit bureau. Otherwise, you need to make the request with all three credit bureaus.