2023-07-06 FIRST COMMONWEALTH FINANCIAL CORP /PA/ Cybersecurity Incident

Page last updated on April 11, 2024

FIRST COMMONWEALTH FINANCIAL CORP /PA/ initially disclosed a cybersecurity incident in an SEC 8-K filing on 2023-07-06 16:31:04 EDT.

Incident Details

Material: Unknown
Is Breach: Unknown
Records Compromised: Unknown
Data Types Impacted: No Data Types Tracked (yet)

Compromised Date:
Detected Date:
Disclosure Date: 2023-07-06
Contained Date:
Recovered Date:

Attack Goal: Unknown

Costs: No Costs Tracked (yet)


8-K filed on 2023-07-06

FIRST COMMONWEALTH FINANCIAL CORP /PA/ filed an 8-K at 2023-07-06 16:31:04 EDT
Accession Number: 0000712537-23-000095

Item 8.01 Other Events.

First Commonwealth Bank (the “Bank”), a wholly-owned subsidiary of First Commonwealth Financial Corporation (“First Commonwealth”), has received written notice from a third party prominent financial institution vendor that data specific to certain of its customers was likely obtained in a security incident that the vendor experienced targeting a zero-day vulnerability in the MOVEit file transfer application, which the vendor utilized in its service offering to the Bank (the “Vendor Incident”). Based on the investigation to date, it is likely that certain of the Bank’s customers who use debit cards had personal information copied through the Vendor Incident. The vendor confirmed that it has implemented the recommended patches released by Progress Software for the MOVEit platform to date. The Bank worked with the vendor to determine the potentially impacted customers and the extent of information potentially exposed and the Bank is notifying potentially affected customers appropriately.

At this time, there is no indication that the Vendor Incident has had any impact on any of the Bank’s information systems or customer access credentials, and there has been no material interruption to the Bank’s business operations. First Commonwealth has incurred, and may continue to incur, certain expenses related to this Vendor Incident, including expenses to respond to, remediate and investigate this matter. Further, First Commonwealth remains subject to risks and uncertainties as a result of the Vendor Incident, including as a result of any data that was accessed. Additionally, security and privacy incidents have led to, and may continue to lead to, litigation and additional regulatory scrutiny. First Commonwealth is in the process of evaluating the full scope of the costs and impact of the Vendor Incident.

Company Information

SIC DescriptionNational Commercial Banks
TickerFCF - NYSE
CategoryLarge accelerated filer
Fiscal Year EndDecember 30