On September 27, 2023, FirstSun Capital Bancorp, the parent company of Sunflower Bank, Guardian Mortgage and First National 1870 (collectively, “Sunflower”), filed a notice of data breach with the Attorney General of California. In this notice, Sunflower Bank explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information. Upon completing its investigation, Sunflower Bank began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.
If you received a data breach notification from Sunflower Bank, Guardian Mortgage or First National 1870, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Sunflower Bank data breach. For more information, please see our recent piece on the topic here.
What Caused the Sunflower Bank Breach?
The Sunflower Bank data breach was only recently announced, and more information is expected in the near future. However, Sunflower Banks’ filing with the Attorney General of California provides some important information on what led up to the breach. According to this source, Sunflower Bank used a software called MOVEit to securely transfer files. On around May 31, 2023, Sunflower Bank was notified by Progress Software Corporation, the creator of MOVEit, of a previously unknown vulnerability in MOVEit.
After Sunflower Bank was informed of the MOVEit vulnerability, it worked with Progress Software to implement all fixes to the software. Additionally, Sunflower Bank launched an investigation into the incident in hopes of learning what, if any, consumer data was affected by the MOVEit vulnerability.
After learning that sensitive consumer data was accessible to an unauthorized party, Sunflower Bank reviewed the compromised files to determine what information was leaked and which consumers were impacted.
Sunflower Bank’s investigation is ongoing. However, on July 14, 2023, the company explained in an official filing with the Securities and Exchange Commission that it believes “an unauthorized party likely took advantage of the flaw in the MOVEit software and downloaded copies of files [containing] personally identifiable information.”
On September 27, 2023, Sunflower Bank sent out data breach letters to those who are believed to have been affected by this data security incident. These letters should provide victims with a list of what information belonging to them was compromised.
More Information About Sunflower Bank, N.A.
Founded in 1892, Sunflower Bank is a financial institution based in Denver, Colorado. Sunflower Bank operates dozens of branches in Colorado, New Mexico, Kansas, Texas, and Arizona and offers mortgages to customers in 43 states. Sunflower Bank is a wholly-owned subsidiary of FirstSun Capital Bancorp. Guardian Mortgage and First National 1870 are divisions of Sunflower Bank, N.A. Sunflower Bank employs more than 1,155 people and generates approximately $286 million in annual revenue.
