Customer Updates

Erie Insurance: June 2025 Cybersecurity Incident Update

We have resumed full business operations following a June 2025 cybersecurity incident. Key services and systems have been safely and securely restored and our local agents, claims teams and customer care teams have returned to regular ways of serving customers.

After a thorough forensics investigation conducted by independent cybersecurity specialists, there is no evidence that any sensitive personal information, financial records or legally protected data was breached by the threat actor during this incident.

For more than 100 years, Erie Insurance has taken pride in being there for customers when they need us most. We appreciate the teams who have been working tirelessly on recovery efforts, and the agents and employees who have been upholding our Above All in Service promise.

Thank you for your patience and understanding.

Forward Looking Statements

The Company has made statements in this release that are forward-looking and therefore subject to risks and uncertainties, including those described below. All statements, other than statements of historical fact, included in this document are, or could be "forward-looking statements" within the meaning of the Private Securities Litigation Reform Act of 1995 and the applicable rules and regulations of the Securities and Exchange Commission (the "SEC") and are made in reliance on the safe harbor protections provided thereunder. These forward-looking statements relate to, among other things, the impact from the information security event, the scope of the investigation and the Company's plans, objectives, projections and expectations relating to the Company's operations or financial condition, and assumptions related thereto. These forward-looking statements are based on management's current beliefs and assumptions and on information currently available to management. We caution that these statements are subject to risks and uncertainties, many of which are outside of our control and could cause future events or results to be materially different from those stated or implied in this release, including, among others, the Company's ongoing assessment of the impacts of the information security event; the Company's expectations regarding its ability to contain and remediate the information security event; the impact of the information security event on the Company's relationships with customers, employees and regulators; legal, reputational and financial risks resulting from the information security event; and that any future, or still undetected, event, whether an attack, disruption, intrusion, denial of service, theft or other breach could result in unauthorized access to, or disclosure of, data, resulting in claims, costs and reputational harm that could negatively affect our actual results of operations or financial condition; and risks that are described in the Company's Annual Report and its Quarterly Reports on Form 10-Q, including the sections titled "Risk Factors" and "Management's Discussion and Analysis of Financial Condition and Results of Operations" contained in those reports, and in our other filings with the SEC. Any forward-looking statement made in this release speaks only as of the date on which it is made. The Company undertakes no obligation to publicly update or revise any forward-looking statement, whether as a result of new information, future developments, or otherwise.