Security Incident Update & Mitigation Measures

02/21/2025 (Update to 2/19 Bulletin)

Customers and Partners,

To remain transparent with our customers and partners, and in light of our ongoing investigation, we wanted to provide some updated information on this incident. Here is our latest and most accurate information, which should replace any previous updates.

As we shared in our prior update, H2O.ai is investigating a security incident. We have engaged third partyspecialists to assist with our investigation. At this time, we have notified law enforcement and are cooperating with an ongoing investigation into this threat actor group.

What happened?

• On January 29, 2025, we detected unusual file activity in a development environment.
• As soon as we detected the issue, the development environment was disconnected.
• On February 18, 2025, we discovered that the threat actor claimed to have acquired and exposed data from our environment.

What are we doing?

1. Investigation – Partnering with a leading third-party cybersecurity firm to conduct an in-depth analysis of the incident.
2. Security Controls – Reviewing network isolation between development and other environments and access controls to further minimize risk.
3. Incident Response Training – Conducting additional security training and reinforcing best practices.
4. Continuous Monitoring – Implementing additional security measures to detect and mitigate threats in real-time.

Are we operational?

Our systems have remained operational despite this incident. We do not anticipate any disruptions to ourservices.

What has been impacted?

We are currently investigating the threat actor’s claims about stolen data from our environment. We will reach out directly to any clients if they are impacted.

We appreciate your patience during this time and will provide you with updates as they are available.

Best regards,
David Epperson
CISO
H2O.ai