Cyber Incident Victim: Guardian Mortgage
Date: May 2023
Location: United States of America
Summary
Guardian Mortgage's parent company experienced a cybersecurity incident involving unauthorized access to files through a zero-day vulnerability in the third-party MOVEit file transfer software, which was used for secure data transfers. The compromised server operated separately from the organization's core processing systems, which remained unaffected. Upon notification, the bank promptly implemented response protocols, engaged forensic experts, and applied software fixes, but investigation revealed that attackers likely exfiltrated files containing personally identifiable information prior to mitigation. The breach exposed sensitive customer data, leading to potential financial, legal, and regulatory repercussions, including litigation and remediation costs. Impacted parties are being identified and notified while the organization continues evaluating the full scope of consequences.
Description
On or about May 31, 2023, Progress Software Corporation notified Sunflower Bank, N.A., a wholly-owned subsidiary of FirstSun Capital Bancorp, of a zero-day vulnerability in its MOVEit managed file transfer software. The bank utilized this third-party software for securely transferring sensitive information, including data related to its Guardian Mortgage and First National 1870 divisions. The MOVEit system operated on an on-premises server segmented from the bank's core processing infrastructure. Before receiving this notification, an unauthorized actor likely exploited the vulnerability to download files containing personally identifiable information from the MOVEit server. The bank immediately activated response protocols upon discovery, retained third-party forensic experts, and launched a comprehensive investigation to determine the incident's nature and scope. All software patches issued by Progress Software were implemented following notification.

The investigation confirmed unauthorized access to files containing customer information, though the bank's core systems remained unaffected with no material operational disruption. Sunflower Bank initiated efforts to identify compromised data files and began direct notifications to potentially impacted individuals. Financial and reputational consequences included expenses for incident response, remediation, and investigation, with anticipated risks of litigation and regulatory scrutiny. The bank acknowledged ongoing evaluation of costs and impacts, including potential additional discoveries through forensic analysis. Customers were advised to monitor accounts and credit reports, with fraud alerts and credit freezes recommended through major credit bureaus. Sunflower Bank emphasized its fraud monitoring tools for personal and business account holders while continuing to assess the full scope of data exposure and associated liabilities.
