Data breach information

Data Controller:
Express Heroes

Data of the Affected Persons:
All current and former Employees all Contractors

Important information about a Personal Data Breach

Acting on the basis of Article 34(1) of the GDPR, we would like to inform you that on 19.02.2026 there was a Personal Data Breach in IT System of Express Heroes.

1. Description of the infringement:

The breach consisted of unauthorized breaking into the IT system of Express Heroes and encrypting the data stored in this system by cybercriminals.

Event date: 19.02.2026

Nature of the breach: loss of confidentiality, integrity and availability of personal data.

2. What data has been compromised?
The breach concerns the following data:

For Employees: name, surname, address of residence, e-mail address, ID number, tax identification number, bank account number, salary amount, HR data related to employment.

For Contractors: Company name, contact details and registration numbers, bank account number, invoice amounts, transaction history.

3. Possible consequences:
Due to the nature of the data, there is a risk of: identity theft, financial fraud and receiving spam.

4. Countermeasures taken:
To minimize the negative effects, the violation was reported to law enforcement authorities and to data protection authorities.

5. Recommendations for you:
We recommend that you take the following measures to protect your data:

• Be cautious of suspicious phone calls/emails – possible attempts at financial fraud, 
• Considering obtaining new identity documents – this will reduce the possibility of identity theft.

6. Contact:
If you have any questions, please contact the Data Protection Officer: Michał Zygmunt, e-mail: dpo@expressheroes.eu