H2O.ai Security Update – March 31, 2025

03/31/2025 (Update to 3/13 Bulletin)

Dear Customers and Partners,

Following our March 13, 2025 update, we are providing our final update on our security incident. Our investigation into how this incident occurred, conducted with the assistance of CrowdStrike, is now complete.

Final Findings

• As previously reported, no unauthorized activity has been detected in our environment since January 29, 2025
• The forensic investigation has confirmed that the unauthorized activity associated with this incident was only found on a specific development environment
• No evidence has been found that production systems or environments containing sensitive customer data were accessed
• Our systems have remained fully operational throughout the incident, with no disruption to services

Data Assessment Conclusion

• No sensitive customer datasets were identified in our review of potentially impacted files
• he affected data was primarily related to internal H2O.ai materials and routine business documents, such as purchase orders, service agreements, standard support tickets, and internal sales collateral

Remediation Actions

We have implemented additional security measures to strengthen our infrastructure and enhanced our monitoring capabilities. These actions have been taken as a precautionary measure to further protect our systems.

Moving Forward

With the investigation now concluded, we maintain our previous assessment that this incident poses no further risk of unauthorized use or disclosure of customer data, nor do we believe there is any risk of harm to our customers as a result of this incident.

For any questions or to request a copy of the final CrowdStrike report, please contact our security team at security@h2o.ai.

Thank you for your continued partnership and trust.

Dina Lyon

VP, Corporate Marketing | H2O.ai