2023-02-14 TRICO BANCSHARES / Cybersecurity Incident

Page last updated on April 11, 2024

TRICO BANCSHARES / initially disclosed a cybersecurity incident in an SEC 8-K filing on 2023-02-14 06:59:36 EST.

Incident Details

Material: Unknown
Is Breach: Unknown
Records Compromised: Unknown
Data Types Impacted: No Data Types Tracked (yet)

Compromised Date: 2023-02-07
Detected Date:
Disclosure Date: 2023-02-14
Contained Date:
Recovered Date:

Attack Goal: Unknown

Costs: No Costs Tracked (yet)

Filings

8-K filed on 2023-02-14

TRICO BANCSHARES / filed an 8-K at 2023-02-14 06:59:36 EST
Accession Number: 0000356171-23-000006

Item 7.01 Regulation FD Disclosure.

Website Posting Concerning Internal Network and Operations

On February 14, 2023, Tri Counties Bank (the “Bank”), the subsidiary of TriCo Bancshares (the “Company”), posted information on its website concerning a cybersecurity incident and its response. A copy of the posting is furnished as Exhibit 99.1 to this Current Report on Form 8-K.

As more facts become known, subsequent updates are planned to be provided and made accessible via the Bank’s website at www.tcbk.com.

Investor Presentation

Certain members of the Company’s executive management team plan to be in attendance at the 30th Annual Winter Financial Services Conference hosted by Keefe, Bruyette & Woods on February 15 - 17, 2023. The attending executive officers of the Company intend to use the materials filed herewith, in whole or in part, in one or more presentations, discussions or meetings with investors.

The information furnished with this Item 7.01, including Exhibits 99.1 and 99.2, shall not be deemed “filed” for purposes of Section 18 of the Securities Exchange Act of 1934, as amended (the “Exchange Act”), or otherwise subject to the liabilities of that section, nor shall it be deemed incorporated by reference into any other filing under the Securities Act of 1933, as amended, or the Exchange Act, except as expressly set forth by specific reference in such a filing.

Exhibit No. 99.1

Website Posting Concerning Internal Network and Operations dated February 14, 2023

8-K filed on 2023-10-13

TRICO BANCSHARES / filed an 8-K at 2023-10-13 16:35:17 EDT
Accession Number: 0000356171-23-000053

Item 8.01 Other Events.

As initially disclosed in its Current Report on Form 8-K filed on February 14, 2023, TriCo Bancshares’s (the “Company”) subsidiary, Tri Counties Bank (the “Bank”), experienced a cybersecurity incident. After detecting unusual network activity, management shut down networked systems by taking them offline, preventing the use of internal systems, data and telephones for a limited period of time. Immediately following the incident, the Bank launched an investigation, retained a digital forensics firm, and notified law enforcement and banking regulators. The Bank restored access to its internal systems and communication capabilities, including e-mail correspondence and telephones, after approximately one week. The Bank’s core-banking systems, which are hosted outside of the Bank, were not accessed or impacted.

The Bank determined that its internal bank network had been infected with malware which prevented access to certain files on the network. Through its investigation, the Bank determined that, between February 7, 2023, and February 8, 2023, an unauthorized actor may have had access to certain systems that stored certain sensitive information. Following an extensive review of the potentially impacted data which was completed on October 9, 2023, the Bank determined certain types of personal information of certain customers, customer employees, individuals associated with customers, and Bank former and current employees may have been impacted by this incident. While the information varies by individual, some of the types of information that may have been impacted includes name, identification numbers (e.g., Social Security, driver’s license, state identification, passport, and/or tax identification), financial account information, medical information, health insurance information, date of birth, digital/electronic signature, access credentials, and mother’s maiden name. All potentially impacted individuals will be notified in accordance with applicable laws and will be offered 24 months of Experian IdentityWorks credit monitoring and credit restoration services at no cost. The Bank is also notifying regulatory authorities in accordance with applicable law. A copy of a press release updating earlier public filings and to comply with certain state substitute notice laws (where the Bank does not have an address of a potentially impacted individuals) issued on October 13, 2023 is included as Exhibit 99.1 to this report.

The Company has incurred, and may continue to incur, certain expenses related to this incident. Further, the Company remains subject to risks and uncertainties as a result of the incident, including as a result of potential litigation, changes in customer behavior, and/or additional regulatory scrutiny. While the Company maintains insurance to cover losses related to cybersecurity risks and business interruption, such policies may not be sufficient to cover all losses of this incident or any future incidents.

Company Information