Notice of Data Breach

Posted: 3/27/26.

Notice of Data Breach

TriMed, Inc. (“TriMed”), is informing individuals of a security incident that may have involved their personal information.

TriMed develops and sells hardware that is surgically implanted to repair or replace damaged or broken joints. A recent incident affected certain files, such as order forms and invoices, that may have contained information related to this hardware and the individuals who received it. In limited instances, these documents may have included personal information.

We encourage you to read the below notice carefully as it contains important information regarding the incident, our response, and steps you can take to help protect your information.

What Happened?

Upon detecting suspicious activity on certain systems, TriMed promptly launched an investigation, which confirmed that it had been the victim of a cybersecurity incident. TriMed also promptly engaged external cybersecurity specialists to help determine the scope and impact of the incident. Through this investigation, TriMed determined that certain files were potentially accessed or acquired without authorization between September 13, 2025, and September 21, 2025.

TriMed then undertook a comprehensive programmatic and manual review of those files and learned that some of certain personal information may have been involved in the incident.

What Information Was Involved?

The review identified that the files potentially involved in this incident included order forms and invoices for orthopedic implant parts. Typically, these documents do not contain personal information. However, TriMed determined that some files did contain certain personal information, which varies by individual, such as names and, in some instances, dates of birth, medical record numbers, and information related to implant parts ordered on their behalf (for example, the type of part, associated installation components such as screws, or the ordering surgeon’s name). This notice does not involve or relate to the exposure of any Social Security number, personal bank account or personal credit card data.

What We Are Doing.

Here at TriMed, we take the privacy and security of personal information seriously and deeply regret that this incident occurred. We took steps to address this incident promptly after it was discovered, including initiating an internal investigation and retaining an independent forensic investigation firm to assist us. Additionally, we have taken steps to further enhance the security of our systems. These efforts include strengthening existing security controls and threat detection practices, as well as integrating a global security operations center, all designed to help prevent this type of incident from recurring in the future. We will continue to review and update our security measures as appropriate. Please note that this notification was not delayed by law enforcement authorities; however, law enforcement was notified of the incident.

What You Can Do.

We strongly recommend reviewing the steps outlined below to help safeguard your information. Cybersecurity is an ongoing concern for everyone, as companies worldwide face increasing threats. By following the steps provided, individuals can better protect themselves.

1. Contact the Federal Trade Commission

You may contact the Federal Trade Commission (“FTC”), your state’s Attorney General’s office, or law enforcement, to report incidents of identity theft or to learn about steps you can take to protect yourself from identity theft. To learn more, you can go to the FTC’s website at identitytheft.gov; call the FTC at 1-877-438-4338; or write to the FTC Consumer Response Center at 600 Pennsylvania Avenue, NW, Washington, DC 20580.

2. Place a Fraud Alert on Your Credit File

You have the right to ask that nationwide consumer reporting agencies place “fraud alerts” in your file to let potential creditors and others know that you may be a victim of identity theft. A fraud alert can make it more difficult for someone to get credit in your name because it tells creditors to follow certain procedures to protect you. You may place a fraud alert in your file by calling just one of the three nationwide consumer reporting agencies. As soon as that agency processes your fraud alert, it will notify the other two, which then also must place fraud alerts in your file.

• Equifax: P.O. Box 105069, Atlanta, Georgia 30348 | 1-800-525-6285 | https://www.equifax.com/personal/credit-report-services/credit-fraud-alerts/
• Experian: P.O. Box 9554, Allen, Texas 75013 | 1-888-397-3742 | https://www.experian.com/help/fraud-alert/
• TransUnion: P.O. Box 2000, Chester, Pennsylvania 19016 | 1-800-916-8800 | https://www.transunion.com/fraud-alerts

3. Request Security Freezes

You have the right to request a security freeze from a consumer reporting agency, free of charge, so that no new credit can be opened in your name without the use of a PIN number that is issued to you when you initiate a freeze. A security freeze is designed to prevent potential credit grantors from accessing your credit report without your consent. If you place a security freeze, potential creditors and other third parties will not be able to get access to your credit report unless you temporarily lift the freeze. Therefore, using a security freeze may delay your ability to obtain credit.

Unlike a fraud alert, you must separately place a security freeze on your credit file at each credit bureau. To place a security freeze on your credit report you must contact the credit reporting agency by phone, mail, or secure electronic means and provide proper identification of your identity.

The consumer reporting agencies may require proper identification prior to honoring your request. For example, you may be asked to provide the following information:

• Your full name, with middle initial as well as Jr., Sr., II, etc.
• Social Security number
• Date of birth
• Current address and all addresses for the past five years
• Proof of current address, such as a current utility bill or telephone bill
• Social Security Card, pay stub, or W-2;
• Legible copy of a government-issued identification card, such as a state driver’s license, state identification card, military identification, or birth certificate; and/or
• Any applicable incident report or complaint with a law enforcement agency or the Registry of Motor Vehicles if you are a victim of identity theft

Below, please find the relevant contact information for the three consumer reporting agencies:

• Equifax: P.O. Box 105788, Atlanta, Georgia 30348 | 1-888-298-0045 | https://www.equifax.com/personal/credit-report-services/credit-freeze/
• Experian: P.O. Box 9554, Allen, Texas 75013 | 1-888-397-3742 | https://www.experian.com/help/credit-freeze/
• TransUnion: P.O. Box 160, Woodlyn, Pennsylvania 19094 | 1-800-916-8800 | https://www.transunion.com/credit-freeze

Once you have submitted your request, the credit reporting agency must place the security freeze no later than 1 business day after receiving a request by phone or secure electronic means, and no later than 3 business days after receiving a request by mail. No later than 5 business days after placing the security freeze, the credit reporting agency will send you confirmation and information on how you can remove the freeze in the future. Each agency will send you a confirmation letter containing a unique PIN or password that you will need to lift or remove the freeze. You should keep the PIN or password in a safe place.

If your personal information has been used to file a false tax return, to open an account or to attempt to open an account in your name or to commit fraud or other crimes against you, you may file a police report in the city in which you currently reside.

If you do place a security freeze prior to enrolling in the credit monitoring service as described above, you will need to remove the freeze in order to sign up for the credit monitoring service. After you sign up for the credit monitoring service, you may refreeze your credit file.

Other Important Information.

4. For New York Residents.

You can obtain information about security breach response, identity theft prevention, and identity protection information from the New York State Office of the Attorney General at: Office of the Attorney General, The Capitol, Albany, NY 12224-0341; 1-800-771-7755 (toll-free) or 1-800-788-9898 (TDD/TTY toll-free line); https://ag.ny.gov/; and the Bureau of Internet and Technology (BIT), 28 Liberty Street, New York, NY 1000;1-212-416-8433; and https://ag.ny.gov/internet/resource-center.

For More Information.

We understand that this situation might raise questions or concerns, and we are here to support you. We have established a dedicated call center specifically for this matter. If you have any inquiries that were not addressed in this letter, please feel free to reach out to us at (844) 558-4660. Our agents are available to help you Monday through Friday, 9:00am to 9:00pm Eastern Time, excluding major U.S. holidays.