DailyFunder Community,

I have always maintained transparency in all my posts about Centrex Software and our service to the alternative corporate finance community. We are dedicated advocates of the entire corporate finance space and operate our business with the utmost integrity. We deeply value our relationships with each of our clients, vendors, and partners.

We want you to hear from us directly before any false rumors or claims circulate within the industry. On May 21, 2024, Centrex Software became aware of a vulnerability within our service provider's system that was exploited by an unidentified, unauthorized party, potentially allowing access to client documents stored in our service provider's systems. We immediately worked with our service provider as they launched their incident response protocol to investigate the incident’s details, including to identify the responsible party, confirm the root cause, and verify the type of data that may be involved. They were able to successfully resolve the vulnerability by 5:45pm CST on May 21, 2024.

Currently, our team is focused on a comprehensive analysis to ensure we understand the full scope and nature of the incident. This analysis is augmented by external cybersecurity specialists at Kroll, SureFire Cyber, and our outside counsel. The FBI has been notified of this incident and we are making progress in determining who may be responsible for these actions. We fully intend to prosecute those involved in this egregious act.

While the immediate security concern has been addressed, we are taking steps to prevent future occurrences. We will share additional information as it becomes available, including any updates from law enforcement, and we will provide guidance on our customer and consumer notification process once our investigation is complete.

We will update the following FAQ with new information as it becomes available.

What was the issue identified?
We identified that code in a legacy client portal exposed a vulnerability in which an unauthorized third-party exploited client documents. It was discovered and patched on May 21, 2024. We are working closely with our cybersecurity specialists to confirm these details.

Why am I just being notified now on June 3rd 2024?
Our service provider's incident response protocol is a strict process and takes time to make sure Centrex Software customers are aware of the facts.

Was this ransomware?
No, this is not a ransomware incident.

Who is your service provider?
Set Forth, Inc. (“Forth”) provides the intellectual property and maintenance services for the Centrex Software platform. We are working closely with them to investigate this incident.

How did Centrex respond?
We engaged legal counsel and cyber forensics quickly upon discovery in accordance with our policies. We preserved all available logs for analysis, as well as requesting logs from our third-party providers.

What information was involved?
Our investigation into the incident remains ongoing. Once the investigation is complete, and if our review determines any customer or personal information is involved, we will notify the appropriate parties in accordance with our legal obligations and state and Federal law. We understand the importance of this information and will ensure that this process is carried out as quickly and efficiently as possible.

Who can we contact if we have more questions?
All questions concerning the incident should be submitted to incidents@centrexsoftware.com. We will respond to each question as soon as we can and appreciate your patience and understanding through this process.

We work hard every day to provide our clients a secure, reliable system, and to operate our business with the utmost integrity and transparency. We welcome any questions or comments you may have, and we remain committed to delivering on our promises to you.

Kind Regards,

Trey Markel
VP Sales & Marketing
(888) 622-5810
www.CentrexSoftware.com