Notice of Third-Party MOVEit Data Breach

There has been a recent widespread global cybersecurity incident that exploited a vulnerability in the MOVEit file transfer program. Like thousands of other organizations, across many industries around the world, Sunflower Bank, N.A. utilizes MOVEit for securely transferring sensitive and confidential information, and other data, including for its First National 1870 and Guardian Mortgage divisions. The MOVEit software is not part of the Bank's core processing systems and is housed separately from the Bank’s other IT systems. A formal statement on the incident is available in the FirstSun Capital Bancorp July 14, 2023 8-K filing.

Upon receiving notice from MOVEit, we promptly enacted response protocols to address the MOVEit vulnerability and protect our data. In addition, a third-party forensic expert was retained, and a comprehensive investigation was launched to determine the nature and scope of the incident. 

Since receiving notice of the situation, we have implemented all fixes to the software issued by MOVEit. Unfortunately, in the course of our investigation, we learned that files containing customer information likely were accessed or acquired without authorization in connection with this incident. We are working to identify any potentially affected data files and are in the process of directly notifying any potentially impacted parties. 

In addition to watching for our direct notifications to any potentially impacted customers, we strongly encourage all customers to take proactive steps to protect your personal and business information against identity theft. Below are a few important tips. For more detailed information on how to stay vigilant against fraud, visit the Security Center articles on our website.   

1. Keep a close eye on your financial accounts and credit score.

2. Consider placing fraud alerts or credit freezes with major credit bureaus:

3. Stay alert for emails, phone calls, or messages from unknown sources asking for personal or business information.

4. Engage the proper authorities immediately if you believe you are the victim of identity theft. If you believe that your Social Security information has been compromised, contact Social Security Administration’s toll-free number: 800.772.1213

Sunflower Bank provides customers with a number of fraud monitoring tools including a fraud text alert program and Credit Sense for personal banking debit cardholders. Business customers have access to fraud mitigation services through our Treasury Management services.

Any potentially impacted customers will be notified directly. Any required public updates to the incident will be posted on this page.