Notice of Data Breach

Dear Valued Customers, Current and Former Employees,

We regret to inform you that Maxey Energy Company, Max-E-Stores, Inc., Max-E-Enterprises, Inc., and Max-Cash Express Stores, Inc. recently discovered and addressed a suspected data breach involving our network and servers hosting our accounting systems. Cyber-criminals illegally accessed our internally secured network and servers and initiated an encryption and ransomware attack between May 26 and May 28, 2024. We detected the breach on May 29, 2024, and immediately secured network access.

In response to the breach, we engaged an external security consultant to conduct a thorough review and strengthen our network security and policies. Our team restored our systems with enhanced security measures by June 13, 2024, and subsequently audited the information residing on the affected systems. We determined that the affected servers contained historical payroll data files, employment-related information, and customer credit and payment information.

While we cannot definitively confirm whether your information was compromised, it is possible that personally identifiable information about you was stored on the affected systems if you were an employee of any of the aforementioned companies. Customers who applied for credit or made payments by personal check for products may also be potentially affected. As a precautionary measure, we have revised our data storage policy and enhanced security protections for sensitive personal information.

Privacy and cybersecurity are paramount to Maxey Energy Company, and we are committed to protecting your information through continuous improvements in our technology and security protocols. If you have any questions regarding this incident, please contact us at 830-278-3711 (Option 4) or visit https://www.maxeyenergy.com/about/

If you believe you may have been affected by this breach, we encourage you to remain vigilant by closely monitoring your account statements and credit reports. If you detect any suspicious activity, promptly notify the financial institution or company where the account is held. It is also advisable to report any fraudulent activity or suspected incidents of identity theft to law enforcement authorities, including your state attorney general and the Federal Trade Commission (FTC).

To file a complaint with the FTC and receive guidance on protecting your identity, visit IdentityTheft.gov or call 1-877-ID-THEFT (877-438-4338). Additional information on identity protection and cybersecurity can be found on the FTC’s Consumer Information website at https://www.consumer.ftc.gov/topics/privacy-identity-online-security.

Credit Monitoring and Protection Options

We recommend obtaining a free copy of your credit report from each of the three major credit reporting agencies annually. Visit http://www.annualcreditreport.com, call toll-free 877-322-8228, or complete the Annual Credit Report Request Form and mail it to Annual Credit Report
4882-7105-3773, v. 1
Request Service, P.O. Box 105281, Atlanta, GA 30348. Request forms are available at
https://www.annualcreditreport.com/requestReport/requestForm.action.

For inquiries or to request a credit report, contact the following credit reporting agencies:

• Equifax: (866) 349-5191, www.equifax.com
• Experian: (888) 397-3742, www.experian.com
• TransUnion: (800) 888-4213, www.transunion.com

Consider placing a fraud alert on your credit report, which notifies creditors of potential fraudulent activity. A security freeze (credit freeze) is another option to prevent unauthorized access to your credit report. Visit http://www.annualcreditreport.com for more information.

Protect yourself from identity theft with guidance from the FTC’s Consumer Information website at https://www.consumer.ftc.gov/topics/privacy-identity-online-security and review Identity Theft – A Recovery Plan at https://www.consumer.ftc.gov/articles/pdf-0009_identitytheft_a_recovery_plan.pdf for a comprehensive guide to safeguarding your identity.