EOS Matrix rejects the possibility of unauthorized extraction of personal data from its own database and has filed a criminal complaint with the State Attorney's Office (DORH).

Forensic investigations conducted by an independent IT company have determined that the data provided to AZOP significantly differs from the data contained in the EOS Matrix Ltd. database. The data anonymously submitted to AZOP contains three categories of information – name and surname, date of birth, and OIB (personal identification number), and does not include financial or any other data exclusively related to the business processes of EOS Matrix.

This confirms that EOS Matrix is not the source of the data under AZOP's supervision. In order to verify and confirm the level of data protection and the stability of EOS Matrix's information security system, an independent forensic analysis was conducted. System and business process checks have shown no evidence that the data was unauthorizedly extracted from the EOS Matrix system.

In order to determine the actual source of the data provided to AZOP and the circumstances related to the alleged unauthorized disclosure of personal data, on May 5, 2023, EOS Matrix filed a criminal complaint with the Municipal State Attorney's Office in Zagreb against an unknown perpetrator on reasonable suspicion of committing serious criminal offenses against computer systems, programs, and data, as well as unauthorized use of personal data.

We emphasize that from the beginning of the supervision process, EOS Matrix has fully cooperated with AZOP in a transparent manner, providing all requested documentation in full and within the specified deadlines. We have been available for all necessary explanations and the provision of additional data.

EOS Matrix implements extensive organizational and technical measures to protect personal data. Highly developed security standards and protection of personal data of the subjects represent the basic prerequisites for the debt collection process. Since 2018, EOS Matrix has held the ISO/IEC 27001:2013 information security certificate, recognized as one of the highest international certification standards in the field of information security and data protection. Additionally, our technical and organizational data protection measures are very specific and clearly defined in internal documentation, implemented within the company.

Following the above, after careful consideration of AZOP's decision, we intend to utilize all legal remedies available to protect our legitimate interests and take all other legal actions to preserve our rights, protect the Company's reputation, and all our stakeholders.