Notice of Recent Security Incident

Protecting the security of our customers and safeguarding our data and the integrity of our business operations is at the forefront of everything we do. We would like to share information about a recent security incident involving Fortinet and our response to-date.

An individual gained unauthorized access to a limited number of files stored on Fortinet's instance of a third-party cloud-based shared file drive, which included limited data related to a small number (less than 0.3%) of Fortinet customers. To be clear:

• To-date there is no indication that this incident has resulted in malicious activity affecting any customers.
• Fortinet's operations, products, and services have not been impacted, and we have identified no evidence of additional access to any other Fortinet resource.
• The incident did not involve any data encryption, deployment of ransomware, or access to Fortinet's corporate network.
• Fortinet immediately executed on a plan to protect customers and communicated directly with customers as appropriate and supported their risk mitigation plans.
• Given the limited nature of the incident, we have not experienced, and do not currently believe that the incident is reasonably likely to have, a material impact to our financial condition or operating results.

After identifying the incident, we immediately began an investigation, contained the incident by terminating the unauthorized individual's access, and notified law enforcement and select cybersecurity agencies globally. A leading external forensics firm was engaged to validate our own forensics team's findings. Moreover, we have put additional internal processes in place to help prevent a similar incident from reoccurring, including enhanced account monitoring and threat detection measures.

This blog contains forward-looking statements as defined in the Private Securities Litigation Reform Act of 1995. Such forward-looking statements include statements regarding the nature and known extent of the incident, the potential disruption to Fortinet's business, customers, and operations, and the potential impact on Fortinet's operations, reputation, financial conditions, and results of operations. These statements involve certain risks and uncertainties that may cause actual results to differ materially from expectations as of the date of this blog. Among the factors that could cause actual results to differ materially from those indicated in the forward-looking statements are risks and uncertainties associated with the incident, risks related unknown security breaches or incidents, as well as other risks listed or described from time to time in Fortinet's filings with the Securities and Exchange Commission (the "SEC"), including the Company's Annual Report on Form 10-K filed with the SEC on February 26, 2024 and its most recent Form 10-Q for the quarter ended June 30, 2024 filed with the SEC on August 8, 2024. All forward-looking statements are based on information and estimates available to Fortinet at the time of this publication and are not guarantees of future performance. Except as required by law, Fortinet assumes no obligation to update any of the statements in this blog.