Material Cybersecurity Incidents

On March 11, 2026, Trio-Tech International ("Company") identified and responded to a cybersecurity incident in one of its subsidiaries ("subsidiary") in Singapore. The subsidiary experienced a ransomware incident that resulted in encryption of certain files within the Company's network. At that time, management determined that the incident was not material. On March 18, 2026, the incident escalated and resulted in the unauthorized disclosure of certain Company data. Following this development, management concluded that the incident may constitute a material cybersecurity event. 

Upon discovery of the cybersecurity incident, the subsidiary immediately activated its response protocols, implemented containment measures, including proactively taking its network offline, launching an investigation with the assistance of third-party cybersecurity professionals and notifying law enforcement in Singapore. The subsidiary is taking steps to contain the incident, restore affected systems, and enhance monitoring across its network environment. The subsidiary is in the process of notifying affected parties as required by applicable law.

The scope of the data potentially affected has not yet been fully determined, and the Company's investigation remains ongoing. The subsidiary is also working closely with its cyber insurance provider to support the investigation, remediation, and potential claims process.