ISIS Papyrus Press Release

Security Incident Notification and Update

Vienna, Austria Sept 2025 Papyrus Group is issuing this notification to inform our customers, partners, and the public about a recent security incident that affected one of our internal IT networks.

Summary and Immediate Response

On August 19, 2025, our IT teams detected and immediately acted to contain an intrusion on our network, which was identified as a ransomware attack targeting our IT infrastructure. We want to assure you that immediate action was taken. Our teams worked diligently to secure our systems and implement all necessary measures to contain the intrusion and limit its effects.The operational disruption was promptly resolved. We also immediately engaged a leading external forensic company to conduct a thorough investigation and analysis.

Critical Assurances on Data and Operations

The security and continuity of our clients’ businesses were our highest priority throughout this incident. Based on the ongoing forensic investigation, we can provide the following critical assurances:

• No Customer Data Impact: The investigation has confirmed no impact on our products or our ability to maintain deliveries to our customers.
• No Data Leakage Identified: To date, and after extensive research, Papyrus Group has not identified any data leakage or unauthorized exfiltration of data from our network.
• GDPR Data Not Affected: We can confirm there is no indication that any GDPR-protected data was compromised or exfiltrated.
• Customer Data Separation: We want to reinforce that Papyrus Group does not host customer production data or any GDPR-related data belonging to their business or customers. Since we deliver standard software for customers to host on their own premises or chosen cloud infrastructure, the incident on our internal network did not expose customer environments.

Commitment to Security and Transparency

The threat actor has been isolated and contained. While the forensic analysis is still ongoing, we are committed to maintaining full transparency.

We are taking, and will continue to take, all necessary steps to strengthen our defenses, including the implementation of additional security measures to prevent future threats. We remain in close contact with our clients, partners, and the dedicated authorities in accordance with all regulatory requirements.

We sincerely apologize for any concern this incident may have caused and appreciate your understanding. We will keep you informed should any new, significant information arise.

If you have any questions, please do not hesitate to contact your dedicated Account Manager or our Support Team.