Waterstone Mortgage Information Security Practices Response to Cyber Attacks and Threats Waterstone Mortgage realizes borrowers entrust us with valuable information about themselves and their financial arrangements as part of the mortgage application process. We take this trust relationship seriously and make every attempt to protect this information while in our custody. There are an ever increasing number of incidences of cyberattacks and fraud within the mortgage industry. The perpetrators of these attacks are aggressive and energetic in looking for opportunities to interject themselves to gain financially through acquisition of customer data and through fraudulent financial transactions. There have been a number of well publicized email “phishing” attacks where borrowers and mortgage firms have been targeted by cyber criminals to generate wire transfers to fraudulent accounts. While many of these email requests have been identified and stopped before consummation, the messages look authentic and at some point will be successful. Waterstone Mortgage has established Information Security Policies and invested significantly in security infrastructure to protect borrower data. We subscribe to financial services industry alerts of potential attacks or financial crimes and promptly react with appropriate controls. We continually invest in updated security systems and processes to ensue borrower protection. We conduct regular vulnerability assessments and penetration tests as well as third party audits of our IT policies, procedures and infrastructure. Our robust information security infrastructures protects our data assets and supports the identification and filtering of fraudulent activity. However, the challenges of cyber attacks and other threats continue throughout the industry. There are several areas that borrowers should be aware of when originating a mortgage through Waterstone Mortgage: Personally Identifiable Information contained in email messages and documents should only be exchanged via encrypted email. WMC will never request that a borrower generate a wire transfer or other method of sending funds electronically through email or phone calls. Please be alert to and challenge any unusual phone calls, email messages, or other requests for information or for financial transactions which seem suspicious. When in doubt, confirm with the Loan Officer or the Waterstone Mortgage branch or corporate office before responding to requests. Waterstone Mortgage will continue to be alert to changing cybersecurity risks and will partner with our borrowers to ensure a successful and secure mortgage origination experience.