Notice and Apology Regarding Unauthorized Access to Our Old Email System

 　It has come to light that there is a possibility that personal information may have been leaked due to unauthorized external access to accounts in the old email system previously used at the following stores operated by Zetton Co., Ltd. (hereinafter referred to as "the Company").
We sincerely apologize for the great inconvenience and concern we have caused to our customers, business partners, and all other parties involved.

Note

The store in question: "forty three" (Gifu City, Gifu Prefecture)
Number of accounts at the store in question: 2 accounts

Furthermore, payment information such as credit card information and My Number information are not included in the personal information for which the possibility of leakage cannot be ruled out, and at this time, there is no confirmation that any personal information has been made public.
Furthermore, this incident occurred in the old system that had already been decommissioned, and we have confirmed that it does not affect our current system or the system environment of our group companies.

We would like to report the facts known at this time and our future response as follows.

1. Overview
On September 18, 2025, one PC terminal used at the store "forty three" was infected with malware, and the authentication information for the account used on that terminal was stolen. As a result, from November 27 of the same year, continuous unauthorized logins from overseas occurred, and it was also discovered that emails were being sent from the account to multiple recipients.

2. Circumstances of discovery and response
On February 18, 2026, we received a report from an employee of the store in question that a suspicious email was in the mailbox of the account in question. We immediately isolated the affected device from the network. Upon further investigation, we confirmed the facts outlined in section 1 above. In addition, we commissioned an external security expert to conduct a detailed digital forensic investigation in order to identify the extent of the damage and determine the cause.
We sincerely apologize again for the time it took to accurately identify the extent of the damage and conduct a professional investigation, from the initial occurrence to its discovery and subsequent public announcement.

3. Personal information whose potential leakage cannot be ruled out
It has come to our attention that there is a possibility that the following individuals may have had their "names," "addresses," "telephone numbers," "email addresses," "allergy information," and "reservation details" leaked.

Total: 18,553
• Eligible persons:
1) June 2018 - September 2025 - Customers who made reservations at the affected stores through the reservation website - Customers who requested reservations directly via email to the affected stores or their employees - Business partners who communicated with the affected stores' employees via email - Our employees who used the old email system

2) December 2022 to September 2025

- Customers who requested a party at the store in question, and customers who were planning to attend.

*As previously stated, payment information such as credit card information and My Number information are not included in the personal information for which the possibility of leakage cannot be ruled out.

4. Individual notification and response to those affected
We are contacting those affected individually via email or postal mail in due course. If individual contact is not possible due to unknown contact information, this announcement will serve as notification. For any inquiries regarding this matter, please contact the inquiry desk listed below.

[Contact Information]
Dedicated toll-free number: 0120-125-377 (Operating hours: 10:00 AM - 5:00 PM, excluding Saturdays, Sundays, and public holidays)
Inquiry form: https://www.zetton.co.jp/contact/inquiry

*Please note that our phone lines may be busy and difficult to connect. If you are unable to get through, we sincerely apologize and ask that you please try calling again later.

5. Warning Regarding Suspicious Emails Based on our investigation so far, we have confirmed that emails were sent from the affected account after it was compromised. We earnestly request that customers and all concerned parties, if you receive any suspicious emails, absolutely do not click on any URL links in the body of the email or open any attachments, and delete the email immediately.

6. Initial response and measures to prevent further damage
Following the discovery of this incident, we immediately completed the following measures to prevent further damage.
- Complete isolation of the affected device from the network and preservation of evidence. - Password reset and complete suspension of accounts for all users of the old email system. - Password change for all other related services used on the PC that was compromised.

Furthermore, we reported this matter to the Personal Information Protection Commission immediately after it came to light.

7. Measures to prevent recurrence
We take this matter very seriously and have already implemented the following measures under the leadership of our internal IT department and external security experts.
- Block and discontinue the old email system affected by this incident. - Implement advanced security solutions that are standard to the group. - Reinforce employee training.

We will continue to strengthen our security measures and strive to prevent this from happening again.

That's all.