North Country Business Products Data Security Incident Notification

James E. Prendergast 1275 Drummers Lane, Suite 302 Office: 267-930-4798 Wayne, PA 19087 Fax: 267-930-4771 Email: jprendergast@mullen.law Mullen.law February 15, 2019 VIA U.S. MAIL & E-MAIL Office of the Attorney General Consumer Protection and Antitrust Gateway Professional Center 1050 E Interstate Avenue Suite 200 Bismarck, ND 58503-5574 Email: ndag@nd.gov Re: Notice of Data Security Incident Dear Sir or Madam: We represent North Country Business Products, Inc. (“North Country”), located at 1112 S. Railroad Street SE, PO Box 910, Bemidji, MN 56601. We are writing to notify your office of an incident that may affect the security of personal information relating to an undetermined number of North Dakota residents. The investigation into this matter is ongoing, and this notice will be supplemented with any new significant facts learned subsequent to its submission. By providing this notice, North Country does not waive any rights or defenses regarding the applicability of North Dakota law, the applicability of the North Dakota data event notification statute, or personal jurisdiction. Nature of the Data Event On January 4, 2019, North Country learned of suspicious activity occurring within certain business partner networks. North Country immediately launched an investigation, working with third-party forensic investigators to determine the nature and scope of the event. On January 30, 2019, the investigation determined that an unauthorized party was able to deploy malware to one hundred and forty-two (142) of North Country’s business partners’ restaurants between January 3, 2019, and January 24, 2019, that collected credit and debit card information. Since the event was discovered, North Country has been working with third-party forensic investigators to determine what happened, what information was potentially affected and to implement additional procedures to further protect the security of its business partners’ customer debit and credit card information. The information that could have been subject to unauthorized access includes cardholder name, credit card number, expiration date, and CVV.

Office of the Attorney General February 15, 2019 Notice to North Dakota Residents On or about February 1, 2019, North Country provided written notice of this incident to its business partner restaurants. Written notice was provided in substantially the same form as the letter attached here as Exhibit A. On or about February 15, 2019, North Country issued a media notice to prominent media outlets serving North Dakota and by conspicuously posting notice on their website. North Country also provided a link to its website notice to its business partners for posting on their websites. Media notice issued by North Country relating to this matter is attached hereto as Exhibit B. The website notice issued by North Country relating to this matter is attached hereto as Exhibit C. Other Steps Taken and To Be Taken Upon discovering the event, North Country moved quickly to investigate and respond to the incident, assess the security of North Country’s systems, the systems of its business partners, and notify potentially affected individuals. North Country is also working to implement additional safeguards and training to its employees. Additionally, North Country is providing impacted individuals with guidance on how to better protect against identity theft and fraud, including advising individuals to report any suspected incidents of identity theft or fraud to their credit card company and/or bank. North Country is providing individuals with information on how to place a fraud alert and security freeze on one's credit file, information on protecting against tax fraud, the contact details for the national consumer reporting agencies, information on how to obtain a free credit report, a reminder to remain vigilant for incidents of fraud and identity theft by reviewing account statements and monitoring free credit reports, and encouragement to contact the Federal Trade Commission, their state Attorney General, and law enforcement to report attempted or actual identity theft and fraud. North Country is also providing written notice of this incident to other state regulators, as necessary. Contact Information Should you have any questions regarding this notification or other aspects of the data security event, please contact us at (267) 930-4798. Very truly yours, James E. Prendergast of MULLEN COUGHLIN LLC JEP:plm Enclosure(s)

EXHIBIT A

Friday,February1,2019Re: NorthCountryBusinessProducts,Inc.,NoticeofDataSecurityEvent Dear :Wearewritingtoinformyouofarecentincidentthatmayaffectthesecurityofpersonalinformationbelongingtoyour customers.NorthCountryBusinessProducts(“NCBP”)isprovidingthisnoticetoensureyouareawareoftheincidentandthestepswearetakinginresponse.Yourcompanymayhavecertainlegaldutiesinresponsetothismatter,andwerecommendyousharethisletterwith counsel.Yourcompanymayalsohavecontractualnoticeobligations,includingnoticetoyouracquiringbankandcredit cardprocessor.NCBPwillprovidenoticeofthiseventtopotentiallyimpactedindividualsonyourcompany’sbehalf. Hereareadditionaldetailsabouttheincident.OnJanuary4,2019,NCBPlearnedofsuspiciousactivityoccurringwithin certainclientnetworks.Inresponse,NCBPimmediatelylaunchedaninvestigationandbeganworkingwithforensicexperts todeterminethenatureandscopeofthisincident.Weidentifiedcertainclientswhohadcustomerinformationaccessible asaresultoftheincidentandpromptlybeganareviewofourfiles to identify the related clients and their contact information.Areviewoftheimpactedsystemsdeterminedthatanycreditcardinformationofyourcustomersthatwaspresenton yourPOSsystemwasaccessiblefrom to .Pleaseadviseifyouhadpoint‐to‐point encryptioncapabilitythatwasenabledonyourPOSsystemsduringthistime,asthatshouldhavepreventedthemalware frombecomingoperational.Todate,NCBPhasnotreceivedanyreportsofactualorattemptedmisuseofthisinformation.Wetakethisincidentandthesecurityofthepersonalinformationinourcareveryseriously.Sincediscoveringtheevent,wehavebeenworkingdiligentlywithoutsideforensicinvestigatorstodeterminewhathappenedandwhatinformationmayhavebeenaccessibleasaresultofthisincident.

Aspartofourongoingcommitmenttothesecurityofpersonalinformationinourcare, we haveandwillcontinueto implementadditionalsafeguardstofurthersecuretheinformationinoursystems.Wearealsonotifyingcertainstate regulators,consumerreportingagencies,andcardbrands,whererequired. Wehavepreparedawebsitenotice.Youshouldpostalinkonyourwebsitewhichdirectsyourcustomerstothethisnotice onNCBP’swebpage.Apressreleasewillalsobeprovidedtomajor,state‐widemedia.Weanticipatenotificationusing thesematerialsonFebruary8,2019.AdraftcopyofthewebsitenoticeandpressreleasewillbeprovidedbyFebruary6. Shouldyouhaveanyquestions,pleasefeelfreetocontactmedirectly at  or via email at .Again,wetakethesecurityofpersonalinformationwithinourcareveryseriously.Weregretthisincidenthappenedand apologizeforanyconcernthisincidentcauses. Sincerely, MatthewSwanson SeniorDirectorofCustomerSupportNorthCountryBusinessProducts,Inc.

EXHIBIT B

North Country Business Products, Inc., Provides Notice of Data Security Incident Bemidji, Minnesota, February 15, 2019 – North Country Business Products, Inc., (“North Country”), today announced that a recent data security incident may have resulted in unauthorized access to payment information of some consumers who used credit and debit cards at its business partner restaurants between January 3, 2019, and January 24, 2019. North Country engaged professionals who have corrected the issue.On January 4, 2019, North Country learned of suspicious activity occurring within certain client networks. North Country immediately launched an investigation, working with third-party forensic investigators to determine the nature and scope of the event. On January 30, 2019, the investigation determined that an unauthorized party was able to deploy malware to certain of North Country’s business partners restaurants between January 3, 2019, and January 24, 2019, that collected credit and debit card information. Specific information potentially accessed includes the cardholder’s name, credit card number, expiration date, and CVV. North Country is notifying potentially affected customers of its business partners by this posting, and by notifying the media about this event. North Country established a dedicated assistance line for individuals seeking additional information regarding this incident. Consumers can call 1-877-204-9537, Monday through Friday (excluding U.S. holidays), 9:00 a.m. to 9:00 p.m. EST. Consumers can also find the list of impacted restaurants and additional information on how they can protect against fraud and identity theft at www.ncbpdataevent.com. North Country takes this incident and the security of our customers’ information very seriously. The company has updated processes to further strengthen its systems to protect its business partners’ customer debit or credit card information and will continue to work with third-party experts to help ensure the highest levels of security. # # #

EXHIBIT C

North Country Business Products, Inc., Provides Notice of Data Security Incident Bemidji, Minnesota, February 15, 2019 – North Country Business Products, Inc., (“North Country”), today announced that a recent data security incident may have resulted in unauthorized access to payment information of some consumers who used credit and debit cards at its business partner restaurants between January 3, 2019, and January 24, 2019. North Country engaged professionals who have corrected the issue. On January 4, 2019, North Country learned of suspicious activity occurring within certain client networks. North Country immediately launched an investigation, working with third-party forensic investigators to determine the nature and scope of the event. On January 30, 2019, the investigation determined that an unauthorized party was able to deploy malware to certain of North Country’s business partners restaurants between January 3, 2019, and January 24, 2019, that collected credit and debit card information. Specific information potentially accessed includes the cardholder’s name, credit card number, expiration date, and CVV. North Country is notifying potentially affected customers of its business partners by this posting, and by notifying the media about this event. Potentially affected consumers can review the information below for steps on how they can protect themselves from fraud or identity theft. North Country established a dedicated assistance line for individuals seeking additional information regarding this incident. Consumers can call 1-877-204-9537, Monday through Friday (excluding U.S. holidays), 9:00 a.m. to 9:00 p.m. EST. Consumers can also find additional information below on how they can protect against fraud and identity theft. A list of North Country’s business partners whose customer data was potentially exposed is below. North Country takes this incident and the security of our customers’ information very seriously. The company has updated processes to further strengthen its systems to protect its business partners’ customer debit or credit card information and will continue to work with third-party experts to help ensure the highest levels of security. # # # STEPS YOU CAN TAKE TO BETTER PROTECT YOUR INFORMATION We encourage you to remain vigilant against incidents of identity theft and fraud, to review your account statements, and to monitor your credit reports for suspicious activity. If you see any suspicious activity, please report it to the bank that issued your credit card. Under U.S. law you are entitled to one free credit report annually from each of the three major credit reporting bureaus. To order your free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-3228228. You may also contact the three major credit bureaus directly to request a free copy of your credit report.

You have the right to place a “security freeze” on your credit report, which will prohibit a consumer reporting agency from releasing information in your credit report without your express authorization. The security freeze is designed to prevent credit, loans, and services from being approved in your name without your consent. However, you should be aware that using a security freeze to take control over who gets access to the personal and financial information in your credit report may delay, interfere with, or prohibit the timely approval of any subsequent request or application you make regarding a new loan, credit, mortgage, or any other account involving the extension of credit. Pursuant to federal law, you cannot be charged to place or lift a security freeze on your credit report. Should you wish to place a security freeze, please contact the major consumer reporting agencies listed below: Experian PO Box 9554 Allen, TX 75013 1-888-397-3742 www.experian.com/freeze/center.html TransUnion P.O. Box 2000 Chester, PA 19016 1-888-909-8872 www.transunion.com/credit-freezeEquifax PO Box 105788 Atlanta, GA 30348-5788 1-800-685-1111 www.equifax.com/personal/credit-report-services In order to request a security freeze, you will need to provide the following information: 1. Your full name (including middle initial as well as Jr., Sr., II, III, etc.); 2. Social Security number; 3. Date of birth; 4. If you have moved in the past five (5) years, provide the addresses where you have lived over the prior five years; 5. Proof of current address, such as a current utility bill or telephone bill; 6. A legible photocopy of a government-issued identification card (state driver’s license or ID card, military identification, etc.); 7. If you are a victim of identity theft, include a copy of either the police report, investigative report, or complaint to a law enforcement agency concerning identity theft. As an alternative to a security freeze, you have the right to place an initial or extended “fraud alert” on your file at no cost. An initial fraud alert is a one-year alert that is placed on a consumer’s credit file. Upon seeing a fraud alert display on a consumer’s credit file, a business is required to take steps to verify the consumer’s identity before extending new credit. If you are a victim of identity theft, you are entitled to an extended fraud alert, which is a fraud alert lasting seven years. Should you wish to place a fraud alert, please contact any one of the agencies listed below: Experian P.O. Box 2002 Allen, TX 75013TransUnion P.O. Box 2000 Chester, PA 19106Equifax P.O. Box 105069 Atlanta, GA 30348

1-888-397-3742 www.experian.com/fraud/center.html 1-800-680-7289 www.transunion.com/fraud-victim-resource/place-fraud-alert1-888-766-0008 www.equifax.com/personal/credit-report-services Although we have no reason to believe that your personal information has been used to file fraudulent tax returns, you can contact the IRS at www.irs.gov/Individuals/Identity-Protection for helpful information and guidance on steps you can take to address a fraudulent tax return filed in your name and what to do if you become the victim of such fraud. You can also visit www.irs.gov/uac/Taxpayer-Guide-to-Identity-Theft for more information. You can further educate yourself regarding identity theft, fraud alerts, security freezes, and the steps you can take to protect yourself, by contacting the consumer reporting agencies, the Federal Trade Commission, or your state Attorney General.The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580, www.identitytheft.gov, 1-877-ID-THEFT (1-877-438-4338); TTY: 1-866-653-4261. The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with them. You can obtain further information on how to file such a complaint by way of the contact information listed above. You have the right to file a police report if you ever experience identity theft or fraud. Please note that in order to file a report with law enforcement for identity theft, you will likely need to provide some proof that you have been a victim. Instances of known or suspected identity theft should also be reported to law enforcement and your state Attorney General. This notice has not been delayed by law enforcement. For North Carolina residents, the Attorney General can be contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001, 1-877-566-7226 or 1-919-716-6400, www.ncdoj.gov. For Maryland residents, the Attorney General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202, 1-888-743-0023, www.oag.state.md.us. For New Mexico residents, you have rights pursuant to the Fair Credit Reporting Act, such as the right to be told if information in your credit file has been used against you, the right to know what is in your credit file, the right to ask for your credit score, and the right to dispute incomplete or inaccurate information. Further, pursuant to the Fair Credit Reporting Act, the consumer reporting agencies must correct or delete inaccurate, incomplete, or unverifiable information; consumer reporting agencies may not report outdated negative information; access to your file is limited; you must give your consent for credit reports to be provided to employers; you may limit “prescreened” offers of credit and insurance you get based on information in your credit report; and you may seek damages from violator. You may have additional rights under the Fair Credit Reporting Act not summarized here. Identity theft victims and active duty military personnel have specific additional rights pursuant to the Fair Credit Reporting Act. We encourage you to review your rights pursuant to the Fair Credit Reporting Act by visiting www.consumerfinance.gov/f/201504_cfpb_summary_your-rights-under-fcra.pdf, or by writing Consumer Response Center, Room 130-A, Federal Trade Commission, 600 Pennsylvania Ave. N.W., Washington, D.C. 20580. For Rhode Island Residents: The Rhode Island Attorney General can be reached at: 150 South Main Street, Providence, Rhode Island 02903, www.riag.ri.gov, 1-401-247-4400. Under Rhode Island law, you have the right to obtain any police report filed in regard to this incident.

North Country’s Impacted Business Partners Black Barts of Flagstaff, AZ (Transactions Occurring on 1/4/2019) Brookside II of Surprise, AZ (Transactions Occurring on 1/4/2019) CCV Chandler LLC of Chandler, AZ (Transactions Occurring from 1/4/2019 to 1/22/2019) Chutney's Indian Cuisine of Tempe, AZ (Transactions Occurring on 1/4/2019) Collins' Irish Pub of Flagstaff, AZ (Transactions Occurring on 1/4/2019) The Wren at Crowne Plaza Phoenix Airport of Phoenix, AZ (Transactions Occurring on 1/4/2019) Ernie's Inn of Scottsdale, AZ (Transactions Occurring on 1/4/2019) Forefathers of Scottsdale, AZ (Transactions Occurring from 1/4/2019 to 1/22/2019) Frog & Firkin of Tucson, AZ (Transactions Occurring on 1/4/2019) GCRC Skywalk Restaurant of Peach Springs, AZ (Transactions Occurring from 1/4/2019 to 1/23/2019) Goldie's Sports Cafe of Scottsdale, AZ (Transactions Occurring from 1/4/2019 to 1/22/2019) Grand Canyon University of Phoenix, AZ (Transactions Occurring from 1/4/2019 to 1/22/2019) Hacienda Del Sol Guest Ranch of Tucson, AZ (Transactions Occurring on 1/4/2019) Herb Box of Scottsdale, AZ (Transactions Occurring on 1/4/2019) Holiday Inn of Chandler, AZ (Transactions Occurring on 1/4/2019) Holiday Inn of Yuma, AZ (Transactions Occurring from 1/4/2019 to 1/22/2019) MSR Properties, LLC of Scottsdale, AZ (Transactions Occurring from 1/4/2019 to 1/22/2019) Isabel's Amor of Gilbert, AZ (Transactions Occurring from 1/4/2019 to 1/21/2019) Karichimaka of Tucson, AZ (Transactions Occurring on 1/4/2019) Holiday Inn of Phoenix, AZ (Transactions Occurring on 1/4/2019) Loco Patron of Scottsdale, AZ (Transactions Occurring on 1/4/2019) Market Bar & Kitchen of Flagstaff, AZ (Transactions Occurring on 1/4/2019) Modern Round of Peoria, AZ (Transactions Occurring on 1/4/2019) Morenci Motel & Lanes of Morenci, AZ (Transactions Occurring on 1/4/2019) Mudshark Brewing Company of Lake Havasu City, AZ (Transactions Occurring from 1/4/2019 to 1/22/2019) Picazzo's Gourmet Pizza of Sedona, AZ (Transactions Occurring from 1/4/2019 to 1/22/2019) Rancho De Tia Rosa's of Chandler, AZ (Transactions Occurring on 1/4/2019) Salsa Brava of Flagstaff, AZ (Transactions Occurring on 1/4/2019) Sapporo of Scottsdale, AZ (Transactions Occurring from 1/4/2019 to 1/10/2019) Chai Bagel Corp of Scottsdale, AZ (Transactions Occurring on 1/4/2019) Someburros of Flagstaff, AZ (Transactions Occurring from 1/4/2019 to 1/11/2019) Someburros of Scottsdale, AZ (Transactions Occurring from 1/4/2019 to 1/11/2019) Someburros of Gilbert, AZ (Transactions Occurring on 1/4/2019) Someburros of Queen Creek, AZ (Transactions Occurring on 1/4/2019) Someburros of Tempe, AZ (Transactions Occurring from 1/4/2019 to 1/11/2019) Someburros of Gilbert, AZ (Transactions Occurring on 1/4/2019) Someburros of Tempe, AZ (Transactions Occurring on 1/4/2019) Tucson Truck Terminal of Tucson, AZ (Transactions Occurring on 1/4/2019) Voyager RV Resort of Tucson, AZ (Transactions Occurring on 1/4/2019) Zipps Ahwatukee of Phoenix, AZ (Transactions Occurring from 1/4/2019 to 1/22/2019) Zipps Sports Grill of Phoenix, AZ (Transactions Occurring from 1/4/2019 to 1/22/2019)

Zipps Sports Grill of Scottsdale, AZ (Transactions Occurring from 1/4/2019 to 1/22/2019) Zipps Sports Grill of Glendale, AZ (Transactions Occurring from 1/4/2019 to 1/22/2019) Zipps Sports Grill of Scottsdale, AZ (Transactions Occurring from 1/4/2019 to 1/22/2019) Zipps Sports Grill of Gilbert, AZ (Transactions Occurring from 1/4/2019 to 1/22/2019) Zipps Sports Grill of Phoenix, AZ (Transactions Occurring from 1/4/2019 to 1/22/2019) Zipps Sports Grill of Scottsdale, AZ (Transactions Occurring from 1/4/2019 to 1/22/2019) Zipps Sports Grill (McClintock) of Tempe, AZ (Transactions Occurring from 1/4/2019 to 1/22/2019) Zipps Sports Grill (Mill Avenue) of Tempe, AZ (Transactions Occurring from 1/4/2019 to 1/22/2019) Burger Jones of Burnsville, MN (Transactions Occurring on 1/4/2019) Chompie's Best at University Inc of Tempe, AZ (Transactions Occurring on 1/4/2019) Cambria of New Orleans, LA (Transactions Occurring on 1/4/2019) Casa Rio of Anoka, MN (Transactions Occurring on 1/4/2019) Charlie's Sports Bar & Grill of Becker, MN (Transactions Occurring on 1/4/2019) Chino Latino of Minneapolis, MN (Transactions Occurring on 1/4/2019) Dunn Brothers Coffee of Alexandria, MN (Transactions Occurring from 1/4/2019 to 1/22/2019) Dunn Brothers Coffee of Andover, MN (Transactions Occurring from 1/4/2019 to 1/10/2019) Dunn Brothers Coffee of Anoka, MN (Transactions Occurring from 1/4/2019 to 1/22/2019) Dunn Brothers Coffee of Apple Valley, MN (Transactions Occurring from 1/3/2019 to 1/4/2019) Dunn Brothers Coffee of Arden Hills, MN (Transactions Occurring on 1/4/2019) Dunn Brothers Coffee of Bemidji, MN (Transactions Occurring on 1/4/2019) Dunn Brothers Coffee of Bettendorf, IA (Transactions Occurring on 1/4/2019) Dunn Brothers Coffee of Bismark, ND (Transactions Occurring from 1/4/2019 to 1/22/2019) Dunn Brothers Coffee of Buffalo, MN (Transactions Occurring from 1/4/2019 to 1/22/2019) Dunn Brothers Coffee of Burlington, IA (Transactions Occurring on 1/4/2019) Dunn Brothers Coffee of Chaska, MN (Transactions Occurring from 1/4/2019 to 1/9/2019) Dunn Brothers Coffee of Columbia, MO (Transactions Occurring on 1/4/2019) Dunn Brothers Coffee of Coon Rapids, MN (Transactions Occurring on 1/4/2019) Dunn Brothers Coffee of Coralville, IA (Transactions Occurring on 1/4/2019) Dunn Brothers Coffee of Davenport, IA (Transactions Occurring on 1/4/2019) Dunn Brothers Coffee of Devils Lake, ND (Transactions Occurring on 1/4/2019) Dunn Brothers Coffee of Dickinson, ND (Transactions Occurring from 1/4/2019 to 1/22/2019) Dunn Brothers Coffee of Duluth, MN (Transactions Occurring from 1/4/2019 to 1/10/2019) Dunn Brothers Coffee of Eagan, MN (Transactions Occurring on 1/4/2019) Dunn Brothers Coffee of Edina, MN (Transactions Occurring on 1/4/2019) Dunn Brothers Coffee of Elk River, MN (Transactions Occurring from 1/3/2019 to 1/4/2019) Dunn Brothers Coffee of Excelsior, MN (Transactions Occurring on 1/4/2019) Dunn Brothers Coffee of Fargo, ND (Transactions Occurring on 1/4/2019) Dunn Brothers Coffee of Fridley, MN (Transactions Occurring from 1/4/2019 to 1/22/2019) Dunn Brothers Coffee of Friendswood, TX (Transactions Occurring from 1/4/2019 to 1/22/2019) Dunn Brothers Coffee of Hastings, MN (Transactions Occurring from 1/4/2019 to 1/22/2019) Dunn Brothers Coffee of Hudson, WI (Transactions Occurring from 1/4/2019 to 1/10/2019) Dunn Brothers Coffee of Hutchinson, MN (Transactions Occurring on 1/4/2019) Dunn Brothers Coffee of Jefferson City, MO (Transactions Occurring on 1/4/2019) Dunn Brothers Coffee of Lakeville, MN (Transactions Occurring on 1/4/2019)

Dunn Brothers Coffee of Lexington, MN (Transactions Occurring on 1/4/2019) Dunn Brothers Coffee of Maple Grove, MN (Transactions Occurring from 1/3/2019 to 1/4/2019) Dunn Brothers Coffee (West 43rd Street) of Minneapolis, MN (Transactions Occurring from 1/3/2019 to 1/4/2019) Dunn Brothers Coffee (Washington Avenue North) of Minneapolis, MN (Transactions Occurring from 1/4/2019 to 1/10/2019) Dunn Brothers Coffee (Nicollet Mall) of Minneapolis, MN (Transactions Occurring on 1/4/2019) Dunn Brothers Coffee (Nicollet Avenue) of Minneapolis, MN (Transactions Occurring from 1/4/2019 to 1/11/2019) Dunn Brothers Coffee (3348 Hennepin Avenue South) of Minneapolis, MN (Transactions Occurring from 1/3/2019 to 1/4/2019) Dunn Brothers Coffee (South 7th Street) of Minneapolis, MN (Transactions Occurring on 1/4/2019) Dunn Brothers Coffee (Park Avenue S) of Minneapolis, MN (Transactions Occurring from 1/4/2019 to 1/22/2019) Dunn Brothers Coffee (2528 Hennepin Avenue South) of Minneapolis, MN (Transactions Occurring on 1/4/2019) Dunn Brothers Coffee (West 15th Street) of Minneapolis, MN (Transactions Occurring from 1/3/2019 to 1/4/2019) Dunn Brothers Coffee (South 8th Street) of Minneapolis, MN (Transactions Occurring on 1/4/2019) Dunn Brothers Coffee (Lasalle Avenue) of Minneapolis, MN (Transactions Occurring on 1/4/2019) Dunn Brothers Coffee (East Lake Street) of Minneapolis, MN (Transactions Occurring from 1/4/2019 to 1/15/2019) Dunn Brothers Coffee (Skyway III, Marquette Avenue) of Minneapolis, MN (Transactions Occurring on 1/4/2019) Dunn Brothers Coffee (Highway 7) of Minnetonka, MN (Transactions Occurring on 1/4/2019) Dunn Brothers Coffee (Shady Oak Road) of Minnetonka, MN (Transactions Occurring from 1/3/2019 to 1/4/2019) Dunn Brothers Coffee of Nashville, TN (Transactions Occurring from 1/4/2019 to 1/22/2019) Dunn Brothers Coffee of New Richmond, WI (Transactions Occurring on 1/4/2019) Dunn Brothers Coffee of Plymouth, MN (Transactions Occurring on 1/4/2019) Dunn Brothers Coffee of Rapid City, SD (Transactions Occurring on 1/4/2019) Dunn Brothers Coffee (Broadway Avenue South) of Rochester, MN (Transactions Occurring from 1/4/2019 to 1/22/2019) Dunn Brothers Coffee (Elton Hills Drive NW) of Rochester, MN (Transactions Occurring from 1/4/2019 to 1/22/2019) Dunn Brothers Coffee (Salem Road SW) of Rochester, MN (Transactions Occurring from 1/4/2019 to 1/22/2019) Dunn Brothers Coffee (Fairview Avenue North) of Roseville, MN (Transactions Occurring on 1/4/2019) Dunn Brothers Coffee (North Hamline Avenue) of Roseville, MN (Transactions Occurring from 1/4/2019 to 1/10/2019) Dunn Brothers Coffee of Savage, MN (Transactions Occurring from 1/4/2019 to 1/22/2019) Dunn Brothers Coffee of Sioux Falls, SD (Transactions Occurring from 1/4/2019 to 1/22/2019)

Dunn Brothers Coffee of St Cloud, MN (Transactions Occurring from 1/4/2019 to 1/10/2019) Dunn Brothers Coffee of St Michael, MN (Transactions Occurring on 1/4/2019) Dunn Brothers Coffee of St Paul, MN (Transactions Occurring from 1/3/2019 to 1/23/2019) Dunn Brothers Coffee of Stillwater, MN (Transactions Occurring on 1/4/2019) Dunn Brothers Coffee of West Bend, WI (Transactions Occurring on 1/4/2019) Dunn Brothers Coffee of White Bear Lake, MN (Transactions Occurring from 1/4/2019 to 1/22/2019) Dunn Brothers Coffee of Willmar, MN (Transactions Occurring on 1/4/2019) Dunn Brothers Coffee of Woodbury, MN (Transactions Occurring on 1/4/2019) East Bay Restaurant & Bar of Holcombe, WI (Transactions Occurring on 1/4/2019) SSJSAC LLC of Phoenix, AZ (Transactions Occurring on 1/4/2019) Hoppers Bar And Grill of Waconia, MN (Transactions Occurring on 1/4/2019) Max & Erma's of Aberdeen, SD (Transactions Occurring on 1/4/2019) Memorial Medical Center of Ashland, WI (Transactions Occurring on 1/4/2019) Pastini Pastaria of Tigard, OR (Transactions Occurring from 1/4/2019 to 1/9/2019) Pittsburgh Blue of Maple Grove, MN (Transactions Occurring on 1/4/2019) Saint Marc Pub of Huntington Beach, CA (Transactions Occurring on 1/4/2019) Sawall Health Foods of Kalamazoo, MI (Transactions Occurring on 1/4/2019) Sconni's Alehouse And Eatery of Schofield, WI (Transactions Occurring on 1/4/2019) Holiday Inn of Lakewood, CO (Transactions Occurring from 1/4/2019 to 1/22/2019) Sebastian Joe's Ice Cream of Minneapolis, MN (Transactions Occurring on 1/4/2019) Stony Point Resort of Cass Lake, MN (Transactions Occurring on 1/4/2019) Tacos Trompo of Fargo, ND (Transactions Occurring from 1/4/2019 to 1/10/2019) The Ranch Supper Club of Hayward, WI (Transactions Occurring on 1/4/2019) VFW Post 7564 of West Fargo, ND (Transactions Occurring from 1/4/2019 to 1/9/2019) Vinyl Taco of Grand Forks, ND (Transactions Occurring from 1/4/2019 to 1/15/2019) Buffalo Wings & Rings of Monroe, OH (Transactions Occurring from 1/4/2019 to 1/11/2019)